diff --git a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml index e41d10705..bcac39989 100644 --- a/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml +++ b/crd-catalog/DataDog/datadog-operator/datadoghq.com/v2alpha1/datadogagents.yaml @@ -337,7 +337,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8126" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -558,7 +558,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8125" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -920,21 +920,43 @@ spec: description: "GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver." properties: enabled: - description: "Enable the OTLP/gRPC endpoint." + description: "Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/gRPC.\ngRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md\nThe Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`).\nDefault: `0.0.0.0:4317`." type: "string" + hostPortConfig: + description: "Enable hostPort for OTLP/gRPC\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" http: description: "HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver." properties: enabled: - description: "Enable the OTLP/HTTP endpoint." + description: "Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/HTTP.\nDefault: '0.0.0.0:4318'." type: "string" + hostPortConfig: + description: "Enable hostPorts for OTLP/HTTP\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" type: "object" type: "object" @@ -1131,6 +1153,93 @@ spec: description: "URL defines the endpoint URL." type: "string" type: "object" + env: + description: "Env contains a list of environment variables that are set for all Agents." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" fips: description: "FIPS contains configuration used to customize the FIPS proxy sidecar." properties: @@ -1335,6 +1444,20 @@ spec: description: "TLSVerify toggles kubelet TLS verification.\nDefault: true" type: "boolean" type: "object" + kubernetesResourcesAnnotationsAsTags: + additionalProperties: + additionalProperties: + type: "string" + type: "object" + description: "Provide a mapping of Kubernetes Resource Groups to annotations mapping to Datadog Tags.\n:\n\t\t: \nKUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods)" + type: "object" + kubernetesResourcesLabelsAsTags: + additionalProperties: + additionalProperties: + type: "string" + type: "object" + description: "Provide a mapping of Kubernetes Resource Groups to labels mapping to Datadog Tags.\n:\n\t\t: \nKUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods)" + type: "object" localService: description: "LocalService contains configuration to customize the internal traffic policy service." properties: @@ -1426,8 +1549,42 @@ spec: description: "Provide a mapping of Kubernetes Labels to Datadog Tags.\n: " type: "object" registry: - description: "Registry is the image registry to use for all Agent images.\nUse 'public.ecr.aws/datadog' for AWS ECR.\nUse 'docker.io/datadog' for DockerHub.\nDefault: 'gcr.io/datadoghq'" + description: "Registry is the image registry to use for all Agent images.\nUse 'public.ecr.aws/datadog' for AWS ECR.\nUse 'datadoghq.azurecr.io' for Azure Container Registry.\nUse 'gcr.io/datadoghq' for Google Container Registry.\nUse 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region.\nUse 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region.\nUse 'docker.io/datadog' for DockerHub.\nDefault: 'gcr.io/datadoghq'" type: "string" + secretBackend: + description: "Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management\nSee also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md" + properties: + args: + description: "List of arguments to pass to the command (space-separated strings)." + type: "string" + command: + description: "The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`.\nRead more about `/readsecret_multiple_providers.sh` at https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers." + type: "string" + enableGlobalPermissions: + description: "Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets.\nDefault: `false`." + type: "boolean" + roles: + description: "Roles for Datadog to read the specified secrets, replacing `enableGlobalPermissions`.\nThey are defined as a list of namespace/secrets.\nEach defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`.\nSee also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent." + items: + description: "SecretBackendRolesConfig provides configuration of the secrets Datadog agents can read for the SecretBackend feature" + properties: + namespace: + description: "Namespace defines the namespace in which the secrets reside." + type: "string" + secrets: + description: "Secrets defines the list of secrets for which a role should be created." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "set" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + timeout: + description: "The command timeout in seconds.\nDefault: `30`." + format: "int32" + type: "integer" + type: "object" site: description: "Site is the Datadog intake site Agent data are sent to.\nSet to 'datadoghq.com' to send data to the US1 site (default).\nSet to 'datadoghq.eu' to send data to the EU site.\nSet to 'us3.datadoghq.com' to send data to the US3 site.\nSet to 'us5.datadoghq.com' to send data to the US5 site.\nSet to 'ddog-gov.com' to send data to the US1-FED site.\nSet to 'ap1.datadoghq.com' to send data to the AP1 site.\nDefault: 'datadoghq.com'" type: "string" @@ -2604,6 +2761,38 @@ spec: x-kubernetes-list-map-keys: - "name" x-kubernetes-list-type: "map" + envFrom: + description: "EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables.\nPriority is env > envFrom." + items: + description: "EnvFromSource represents the source of a set of ConfigMaps" + properties: + configMapRef: + description: "The ConfigMap to select from" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + prefix: + description: "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." + type: "string" + secretRef: + description: "The Secret to select from" + properties: + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret must be defined" + type: "boolean" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + type: "array" extraChecksd: description: "Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/\nSee https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details." properties: @@ -2823,6 +3012,11 @@ spec: type: "string" type: "object" type: "object" + serviceAccountAnnotations: + additionalProperties: + type: "string" + description: "Sets the ServiceAccountAnnotations used by this component." + type: "object" serviceAccountName: description: "Sets the ServiceAccount used by this component.\nIgnored if the field CreateRbac is true." type: "string" @@ -4359,7 +4553,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8126" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -4580,7 +4774,7 @@ spec: description: "HostPortConfig contains host port configuration.\nEnabled Default: false\nPort Default: 8125" properties: enabled: - description: "Enabled enables host port configuration\nDefault: false" + description: "Enabled enables host port configuration" type: "boolean" hostPort: description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." @@ -4942,21 +5136,43 @@ spec: description: "GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver." properties: enabled: - description: "Enable the OTLP/gRPC endpoint." + description: "Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/gRPC.\ngRPC supports several naming schemes: https://github.com/grpc/grpc/blob/master/doc/naming.md\nThe Datadog Operator supports only 'host:port' (usually `0.0.0.0:port`).\nDefault: `0.0.0.0:4317`." type: "string" + hostPortConfig: + description: "Enable hostPort for OTLP/gRPC\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" http: description: "HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver." properties: enabled: - description: "Enable the OTLP/HTTP endpoint." + description: "Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled." type: "boolean" endpoint: description: "Endpoint for OTLP/HTTP.\nDefault: '0.0.0.0:4318'." type: "string" + hostPortConfig: + description: "Enable hostPorts for OTLP/HTTP\nDefault: true" + properties: + enabled: + description: "Enabled enables host port configuration" + type: "boolean" + hostPort: + description: "Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.)\nIf HostNetwork is enabled, this value must match the ContainerPort." + format: "int32" + type: "integer" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/DopplerHQ/kubernetes-operator/secrets.doppler.com/v1alpha1/dopplersecrets.yaml b/crd-catalog/DopplerHQ/kubernetes-operator/secrets.doppler.com/v1alpha1/dopplersecrets.yaml index 3b3a16977..caa1f56d0 100644 --- a/crd-catalog/DopplerHQ/kubernetes-operator/secrets.doppler.com/v1alpha1/dopplersecrets.yaml +++ b/crd-catalog/DopplerHQ/kubernetes-operator/secrets.doppler.com/v1alpha1/dopplersecrets.yaml @@ -131,7 +131,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n \ttype FooStatus struct{ \t // Represents the observations of a foo's current state. \t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" \t // +patchMergeKey=type \t // +patchStrategy=merge \t // +listType=map \t // +listMapKey=type \t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n \t // other fields \t}" properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." diff --git a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml index 449130805..10b688d35 100644 --- a/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml +++ b/crd-catalog/Kuadrant/dns-operator/kuadrant.io/v1alpha1/dnsrecords.yaml @@ -88,26 +88,30 @@ spec: - "name" type: "object" failureThreshold: - description: "FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy" + default: 5 + description: "FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy\nDefaults to 5" type: "integer" x-kubernetes-validations: - message: "Failure threshold must be greater than 0" rule: "self > 0" interval: - description: "Interval defines how frequently this probe should execute" + default: "5m" + description: "Interval defines how frequently this probe should execute\nDefaults to 5 minutes" type: "string" path: description: "Path is the path to append to the host to reach the expected health check.\nMust start with \"?\" or \"/\", contain only valid URL characters and end with alphanumeric char or \"/\". For example \"/\" or \"/healthz\" are common" pattern: "^(?:\\?|\\/)[\\w\\-.~:\\/?#\\[\\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\\/){1}$" type: "string" port: - description: "Port to connect to the host on. Must be either 80, 443 or 1024-49151" + default: 443 + description: "Port to connect to the host on. Must be either 80, 443 or 1024-49151\nDefaults to port 443" type: "integer" x-kubernetes-validations: - message: "Only ports 80, 443, 1024-49151 are allowed" rule: "self in [80, 443] || (self >= 1024 && self <= 49151)" protocol: - description: "Protocol to use when connecting to the host, valid values are \"HTTP\" or \"HTTPS\"" + default: "HTTPS" + description: "Protocol to use when connecting to the host, valid values are \"HTTP\" or \"HTTPS\"\nDefaults to HTTPS" type: "string" x-kubernetes-validations: - message: "Only HTTP or HTTPS protocols are allowed" diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml new file mode 100644 index 000000000..00668e98b --- /dev/null +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml @@ -0,0 +1,5269 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.16.5" + labels: + gateway.networking.k8s.io/policy: "inherited" + name: "authpolicies.kuadrant.io" +spec: + group: "kuadrant.io" + names: + kind: "AuthPolicy" + listKind: "AuthPolicyList" + plural: "authpolicies" + singular: "authpolicy" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - description: "AuthPolicy Accepted" + jsonPath: ".status.conditions[?(@.type==\"Accepted\")].status" + name: "Accepted" + priority: 2 + type: "string" + - description: "AuthPolicy Enforced" + jsonPath: ".status.conditions[?(@.type==\"Enforced\")].status" + name: "Enforced" + priority: 2 + type: "string" + - description: "Kind of the object to which the policy aaplies" + jsonPath: ".spec.targetRef.kind" + name: "TargetKind" + priority: 2 + type: "string" + - description: "Name of the object to which the policy applies" + jsonPath: ".spec.targetRef.name" + name: "TargetName" + priority: 2 + type: "string" + - description: "Name of the section within the object to which the policy applies " + jsonPath: ".spec.targetRef.sectionName" + name: "TargetSection" + priority: 2 + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1" + schema: + openAPIV3Schema: + description: "AuthPolicy enables authentication and authorization for service workloads in a Gateway API network" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + properties: + defaults: + description: "Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides.\nUse one of: defaults, overrides, or bare set of policy rules (implicit defaults)." + properties: + patterns: + additionalProperties: + properties: + allOf: + items: + properties: + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "allOf" + type: "object" + description: "Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules." + type: "object" + rules: + description: "The auth rules of the policy.\nSee Authorino's AuthConfig CRD for more details." + properties: + authentication: + additionalProperties: + properties: + anonymous: + description: "Anonymous access." + type: "object" + apiKey: + description: "Authentication based on API keys stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + credentials: + description: "Defines where credentials are required to be passed in the request for authentication based on this config.\nIf omitted, it defaults to credentials passed in the HTTP Authorization header and the \"Bearer\" prefix prepended to the secret credential value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + defaults: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Set default property values (claims) for the resolved identity object, that are set before appending the object to\nthe authorization JSON. If the property is already present in the resolved identity object, the default value is ignored.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + jwt: + description: "Authentication based on JWT tokens." + properties: + issuerUrl: + description: "URL of the issuer of the JWT.\nIf `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint\n(i.e. \"/.well-known/openid-configuration\") to this URL, to discover the OIDC configuration where to obtain\nthe \"jkws_uri\" claim from.\nThe value must coincide with the value of the \"iss\" (issuer) claim of the discovered OpenID Connect configuration." + type: "string" + ttl: + description: "Decides how long to wait before refreshing the JWKS (in seconds).\nIf omitted, Authorino will never refresh the JWKS." + type: "integer" + type: "object" + kubernetesTokenReview: + description: "Authentication by Kubernetes token review." + properties: + audiences: + description: "The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino.\nIf omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences." + items: + type: "string" + type: "array" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + oauth2Introspection: + description: "Authentication by OAuth2 token introspection." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server." + properties: + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The full URL of the token introspection endpoint." + type: "string" + tokenTypeHint: + description: "The token type hint for the token introspection.\nIf omitted, it defaults to \"access_token\"." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + overrides: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Overrides the resolved identity object by setting the additional properties (claims) specified in this config,\nbefore appending the object to the authorization JSON.\nIt requires the resolved identity object to always be a JSON object.\nDo not use this option with identity objects of other JSON types (array, string, etc)." + type: "object" + plain: + description: "Identity object extracted from the context.\nUse this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + x509: + description: "Authentication based on client X.509 certificates.\nThe certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets." + properties: + allNamespaces: + default: false + description: "Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig.\nEnabling this option in namespaced Authorino instances has no effect." + type: "boolean" + selector: + description: "Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate\nclients trying to authenticate to this service" + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + required: + - "selector" + type: "object" + type: "object" + description: "Authentication configs.\nAt least one config MUST evaluate to a valid identity object for the auth request to be successful." + type: "object" + authorization: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + kubernetesSubjectAccessReview: + description: "Authorization by Kubernetes SubjectAccessReview" + properties: + groups: + description: "Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC." + items: + type: "string" + type: "array" + resourceAttributes: + description: "Use resourceAttributes to check permissions on Kubernetes resources.\nIf omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request." + properties: + group: + description: "API group of the resource.\nUse '*' for all API groups." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + description: "Resource name\nOmit it to check for authorization on all resources of the specified kind." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + namespace: + description: "Namespace where the user must have permissions on the resource." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "Resource kind\nUse '*' for all resource kinds." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + subresource: + description: "Subresource kind" + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + verb: + description: "Verb to check for authorization on the resource.\nUse '*' for all verbs." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + user: + description: "User to check for authorization in the Kubernetes RBAC.\nOmit it to check for group authorization only." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + opa: + description: "Open Policy Agent (OPA) Rego policy." + properties: + allValues: + default: false + description: "Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline.\nOtherwise, only the default `allow` rule will be exposed.\nReturning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime." + type: "boolean" + externalPolicy: + description: "Settings for fetching the OPA policy from an external registry.\nUse it alternatively to 'rego'.\nFor the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters',\n'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'." + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + ttl: + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + rego: + description: "Authorization policy as a Rego language document.\nThe Rego document must include the \"allow\" condition, set by Authorino to \"false\" by default (i.e. requests are unauthorized unless changed).\nThe Rego document must NOT include the \"package\" declaration in line 1." + type: "string" + type: "object" + patternMatching: + description: "Pattern-matching authorization rules." + properties: + patterns: + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "patterns" + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + spicedb: + description: "Authorization decision delegated to external Authzed/SpiceDB server." + properties: + endpoint: + description: "Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051)." + type: "string" + insecure: + description: "Insecure HTTP connection (i.e. disables TLS verification)" + type: "boolean" + permission: + description: "The name of the permission (or relation) on which to execute the check." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + resource: + description: "The resource on which to check the permission or relation." + properties: + kind: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + subject: + description: "The subject that will be checked for the permission or relation." + properties: + kind: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + name: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "endpoint" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Authorization policies.\nAll policies MUST evaluate to \"allowed = true\" for the auth request be successful." + type: "object" + callbacks: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "Settings of the external HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + required: + - "http" + type: "object" + description: "Callback functions.\nAuthorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config." + type: "object" + metadata: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + http: + description: "External source of auth metadata via HTTP request" + properties: + body: + description: "Raw body of the HTTP request.\nSupersedes 'bodyParameters'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + bodyParameters: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom parameters to encode in the body of the HTTP request.\nSuperseded by 'body'; use either one or the other.\nUse it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used)." + type: "object" + contentType: + default: "application/x-www-form-urlencoded" + description: "Content-Type of the request body. Shapes how 'bodyParameters' are encoded.\nUse it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'." + enum: + - "application/x-www-form-urlencoded" + - "application/json" + type: "string" + credentials: + description: "Defines where client credentials will be passed in the request to the service.\nIf omitted, it defaults to client credentials passed in the HTTP Authorization header and the \"Bearer\" prefix expected prepended to the secret value." + properties: + authorizationHeader: + properties: + prefix: + type: "string" + type: "object" + cookie: + properties: + name: + type: "string" + required: + - "name" + type: "object" + customHeader: + properties: + name: + type: "string" + required: + - "name" + type: "object" + queryString: + properties: + name: + type: "string" + required: + - "name" + type: "object" + type: "object" + headers: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Custom headers in the HTTP request." + type: "object" + method: + default: "GET" + description: "HTTP verb used in the request to the service. Accepted values: GET (default), POST.\nWhen the request method is POST, the authorization JSON is passed in the body of the request." + enum: + - "GET" + - "POST" + - "PUT" + - "PATCH" + - "DELETE" + - "HEAD" + - "OPTIONS" + - "CONNECT" + - "TRACE" + type: "string" + oauth2: + description: "Authentication with the HTTP service by OAuth2 Client Credentials grant." + properties: + cache: + default: true + description: "Caches and reuses the token until expired.\nSet it to false to force fetch the token at every authorization request regardless of expiration." + type: "boolean" + clientId: + description: "OAuth2 Client ID." + type: "string" + clientSecretRef: + description: "Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + extraParams: + additionalProperties: + type: "string" + description: "Optional extra parameters for the requests to the token URL." + type: "object" + scopes: + description: "Optional scopes for the client credentials grant, if supported by he OAuth2 server." + items: + type: "string" + type: "array" + tokenUrl: + description: "Token endpoint URL of the OAuth2 resource server." + type: "string" + required: + - "clientId" + - "clientSecretRef" + - "tokenUrl" + type: "object" + sharedSecretRef: + description: "Reference to a Secret key whose value will be passed by Authorino in the request.\nThe HTTP service can use the shared secret to authenticate the origin of the request.\nIgnored if used together with oauth2." + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "The name of the secret in the Authorino's namespace to select from." + type: "string" + required: + - "key" + - "name" + type: "object" + url: + description: "Endpoint URL of the HTTP service.\nThe value can include variable placeholders in the format \"{selector}\", where \"selector\" is any pattern supported\nby https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.\nE.g. https://ext-auth-server.io/metadata?p={request.path}" + type: "string" + urlExpression: + type: "string" + type: "object" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + uma: + description: "User-Managed Access (UMA) source of resource data." + properties: + credentialsRef: + description: "Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server." + properties: + name: + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + endpoint: + description: "The endpoint of the UMA server.\nThe value must coincide with the \"issuer\" claim of the UMA config discovered from the well-known uma configuration endpoint." + type: "string" + required: + - "credentialsRef" + - "endpoint" + type: "object" + userInfo: + description: "OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig." + properties: + identitySource: + description: "The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC \"userinfo_endpoint\" claim." + type: "string" + required: + - "identitySource" + type: "object" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + type: "object" + description: "Metadata sources.\nAuthorino fetches auth metadata as JSON from sources specified in this config." + type: "object" + response: + description: "Response items.\nAuthorino builds custom responses to the client of the auth request." + properties: + success: + description: "Response items to be included in the auth response when the request is authenticated and authorized.\nFor integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request." + properties: + filters: + additionalProperties: + properties: + cache: + description: "Caching options for the resolved object returned when applying this config.\nOmit it to avoid caching objects for this config." + properties: + key: + description: "Key used to store the entry in the cache.\nThe resolved key must be unique within the scope of this particular config." + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + ttl: + default: 60 + description: "Duration (in seconds) of the external data in the cache before pulled again from the source." + type: "integer" + required: + - "key" + type: "object" + json: + description: "JSON object\nSpecify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON." + properties: + properties: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + type: "object" + required: + - "properties" + type: "object" + key: + description: "The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object).\nIf omitted, it will be set to the name of the response config." + type: "string" + metrics: + default: false + description: "Whether this config should generate individual observability metrics" + type: "boolean" + plain: + description: "Plain text content" + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + priority: + default: 0 + description: "Priority group of the config.\nAll configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially." + type: "integer" + when: + description: "Conditions for Authorino to enforce this config.\nIf omitted, the config will be enforced for all requests.\nIf present, all conditions must match for the config to be enforced; otherwise, the config will be skipped." + items: + properties: + all: + description: "A list of pattern expressions to be evaluated as a logical AND." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + any: + description: "A list of pattern expressions to be evaluated as a logical OR." + items: + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "array" + operator: + description: "The binary operator to be applied to the content fetched from the authorization JSON, for comparison with \"value\".\nPossible values are: \"eq\" (equal to), \"neq\" (not equal to), \"incl\" (includes; for arrays), \"excl\" (excludes; for arrays), \"matches\" (regex)" + enum: + - "eq" + - "neq" + - "incl" + - "excl" + - "matches" + type: "string" + patternRef: + description: "Reference to a named set of pattern expressions" + type: "string" + predicate: + type: "string" + selector: + description: "Path selector to fetch content from the authorization JSON (e.g. 'request.method').\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nAuthorino custom JSON path modifiers are also supported." + type: "string" + value: + description: "The value of reference for the comparison with the content fetched from the authorization JSON.\nIf used with the \"matches\" operator, the value must compile to a valid Golang regex." + type: "string" + type: "object" + type: "array" + wristband: + description: "Authorino Festival Wristband token" + properties: + customClaims: + additionalProperties: + properties: + expression: + type: "string" + selector: + description: "Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. \"Hello, {auth.identity.name}!\").\nAny pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.\nThe following Authorino custom modifiers are supported: @extract:{sep:\" \",pos:0}, @replace{old:\"\",new:\"\"}, @case:upper|lower, @base64:encode|decode and @strip." + type: "string" + value: + description: "Static value" + x-kubernetes-preserve-unknown-fields: true + type: "object" + description: "Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default." + type: "object" + issuer: + description: "The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /://:/, where = /://:/, where = /://:/, where = /://:/, where = /://:/, where = / 0) || (has(self.rules.metadata) && size(self.rules.metadata) > 0) || (has(self.rules.authorization) && size(self.rules.authorization) > 0) || (has(self.rules.response) && (has(self.rules.response.unauthenticated) || has(self.rules.response.unauthorized) || (has(self.rules.response.success) && (size(self.rules.response.success.headers) > 0 || size(self.rules.response.success.filters) > 0)))) || (has(self.rules.callbacks) && size(self.rules.callbacks) > 0)) : true" + - message: "At least one spec.defaults.rules must be defined" + rule: "has(self.defaults) ? has(self.defaults.rules) && ((has(self.defaults.rules.authentication) && size(self.defaults.rules.authentication) > 0) || (has(self.defaults.rules.metadata) && size(self.defaults.rules.metadata) > 0) || (has(self.defaults.rules.authorization) && size(self.defaults.rules.authorization) > 0) || (has(self.defaults.rules.response) && (has(self.defaults.rules.response.unauthenticated) || has(self.defaults.rules.response.unauthorized) || (has(self.defaults.rules.response.success) && (size(self.defaults.rules.response.success.headers) > 0 || size(self.defaults.rules.response.success.filters) > 0)))) || (has(self.defaults.rules.callbacks) && size(self.defaults.rules.callbacks) > 0)) : true" + - message: "At least one spec.overrides.rules must be defined" + rule: "has(self.overrides) ? has(self.overrides.rules) && ((has(self.overrides.rules.authentication) && size(self.overrides.rules.authentication) > 0) || (has(self.overrides.rules.metadata) && size(self.overrides.rules.metadata) > 0) || (has(self.overrides.rules.authorization) && size(self.overrides.rules.authorization) > 0) || (has(self.overrides.rules.response) && (has(self.overrides.rules.response.unauthenticated) || has(self.overrides.rules.response.unauthorized) || (has(self.overrides.rules.response.success) && (size(self.overrides.rules.response.success.headers) > 0 || size(self.overrides.rules.response.success.filters) > 0)))) || (has(self.overrides.rules.callbacks) && size(self.overrides.rules.callbacks) > 0)) : true" + status: + properties: + conditions: + description: "Represents the observations of a foo's current state.\nKnown .status.conditions.type are: \"Available\"" + items: + description: "Condition contains details for one aspect of the current state of this API Resource." + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase." + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + observedGeneration: + description: "ObservedGeneration reflects the generation of the most recently observed spec." + format: "int64" + type: "integer" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml new file mode 100644 index 000000000..4471d351f --- /dev/null +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml @@ -0,0 +1,373 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + controller-gen.kubebuilder.io/version: "v0.16.5" + labels: + gateway.networking.k8s.io/policy: "inherited" + name: "ratelimitpolicies.kuadrant.io" +spec: + group: "kuadrant.io" + names: + kind: "RateLimitPolicy" + listKind: "RateLimitPolicyList" + plural: "ratelimitpolicies" + singular: "ratelimitpolicy" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - description: "RateLimitPolicy Accepted" + jsonPath: ".status.conditions[?(@.type==\"Accepted\")].status" + name: "Accepted" + priority: 2 + type: "string" + - description: "RateLimitPolicy Enforced" + jsonPath: ".status.conditions[?(@.type==\"Enforced\")].status" + name: "Enforced" + priority: 2 + type: "string" + - description: "Kind of the object to which the policy aaplies" + jsonPath: ".spec.targetRef.kind" + name: "TargetKind" + priority: 2 + type: "string" + - description: "Name of the object to which the policy applies" + jsonPath: ".spec.targetRef.name" + name: "TargetName" + priority: 2 + type: "string" + - description: "Name of the section within the object to which the policy applies " + jsonPath: ".spec.targetRef.sectionName" + name: "TargetSection" + priority: 2 + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1" + schema: + openAPIV3Schema: + description: "RateLimitPolicy enables rate limiting for service workloads in a Gateway API network" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + properties: + defaults: + description: "Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides.\nUse one of: defaults, overrides, or bare set of policy rules (implicit defaults)." + properties: + limits: + additionalProperties: + description: "Limit represents a complete rate limit configuration" + properties: + counters: + description: "Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors" + items: + properties: + expression: + description: "Expression defines one CEL expression\nExpression can use well known attributes\nAttributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes\nWell-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors\nThey are named by a dot-separated path (e.g. request.path)\nExample: \"request.path\" -> The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + strategy: + default: "atomic" + description: "Strategy defines the merge strategy to apply when merging this policy with other policies." + enum: + - "atomic" + - "merge" + type: "string" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + limits: + additionalProperties: + description: "Limit represents a complete rate limit configuration" + properties: + counters: + description: "Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors" + items: + properties: + expression: + description: "Expression defines one CEL expression\nExpression can use well known attributes\nAttributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes\nWell-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors\nThey are named by a dot-separated path (e.g. request.path)\nExample: \"request.path\" -> The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + overrides: + description: "Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides.\nUse one of: defaults, overrides, or bare set of policy rules (implicit defaults)." + properties: + limits: + additionalProperties: + description: "Limit represents a complete rate limit configuration" + properties: + counters: + description: "Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors" + items: + properties: + expression: + description: "Expression defines one CEL expression\nExpression can use well known attributes\nAttributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes\nWell-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors\nThey are named by a dot-separated path (e.g. request.path)\nExample: \"request.path\" -> The path portion of the URL" + minLength: 1 + type: "string" + required: + - "expression" + type: "object" + type: "array" + rates: + description: "Rates holds the list of limit rates" + items: + description: "Rate defines the actual rate limit that will be used when there is a match" + properties: + limit: + description: "Limit defines the max value allowed for a given period of time" + type: "integer" + window: + description: "Window defines the time period for which the Limit specified above applies." + pattern: "^([0-9]{1,5}(h|m|s|ms)){1,4}$" + type: "string" + required: + - "limit" + - "window" + type: "object" + type: "array" + when: + description: "When holds a list of \"limit-level\" `Predicate`s\nCalled also \"soft\" conditions as route selectors must also match" + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + description: "Limits holds the struct of limits indexed by a unique name" + type: "object" + strategy: + default: "atomic" + description: "Strategy defines the merge strategy to apply when merging this policy with other policies." + enum: + - "atomic" + - "merge" + type: "string" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + type: "object" + targetRef: + description: "Reference to the object to which this policy applies." + properties: + group: + description: "Group is the group of the target resource." + maxLength: 253 + pattern: "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + kind: + description: "Kind is kind of the target resource." + maxLength: 63 + minLength: 1 + pattern: "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$" + type: "string" + name: + description: "Name is the name of the target resource." + maxLength: 253 + minLength: 1 + type: "string" + sectionName: + description: "SectionName is the name of a section within the target resource. When\nunspecified, this targetRef targets the entire resource. In the following\nresources, SectionName is interpreted as the following:\n\n* Gateway: Listener name\n* HTTPRoute: HTTPRouteRule name\n* Service: Port name\n\nIf a SectionName is specified, but does not exist on the targeted object,\nthe Policy must fail to attach, and the policy implementation should record\na `ResolvedRefs` or similar Condition in the Policy's status." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + required: + - "group" + - "kind" + - "name" + type: "object" + x-kubernetes-validations: + - message: "Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" + rule: "self.group == 'gateway.networking.k8s.io'" + - message: "Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" + rule: "self.kind == 'HTTPRoute' || self.kind == 'Gateway'" + when: + description: "Overall conditions for the policy to be enforced.\nIf omitted, the policy will be enforced at all requests to the protected routes.\nIf present, all conditions must match for the policy to be enforced." + items: + description: "Predicate defines one CEL expression that must be evaluated to bool" + properties: + predicate: + minLength: 1 + type: "string" + required: + - "predicate" + type: "object" + type: "array" + required: + - "targetRef" + type: "object" + x-kubernetes-validations: + - message: "Implicit and explicit defaults are mutually exclusive" + rule: "!(has(self.defaults) && has(self.limits))" + - message: "Overrides and explicit defaults are mutually exclusive" + rule: "!(has(self.defaults) && has(self.overrides))" + - message: "Overrides and implicit defaults are mutually exclusive" + rule: "!(has(self.overrides) && has(self.limits))" + - message: "At least one spec.limits must be defined" + rule: "!(has(self.overrides) || has(self.defaults)) ? has(self.limits) && size(self.limits) > 0 : true" + - message: "At least one spec.overrides.limits must be defined" + rule: "has(self.overrides) ? has(self.overrides.limits) && size(self.overrides.limits) > 0 : true" + - message: "At least one spec.defaults.limits must be defined" + rule: "has(self.defaults) ? has(self.defaults.limits) && size(self.defaults.limits) > 0 : true" + status: + properties: + conditions: + description: "Represents the observations of a foo's current state.\nKnown .status.conditions.type are: \"Available\"" + items: + description: "Condition contains details for one aspect of the current state of this API Resource." + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition.\nThis may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase." + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "type" + x-kubernetes-list-type: "map" + observedGeneration: + description: "ObservedGeneration reflects the generation of the most recently observed spec." + format: "int64" + type: "integer" + type: "object" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml index 2c6828756..419f551b5 100644 --- a/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml +++ b/crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1beta1/kuadrants.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "kuadrants.kuadrant.io" spec: group: "kuadrant.io" @@ -43,7 +43,7 @@ spec: conditions: description: "Represents the observations of a foo's current state.\nKnown .status.conditions.type are: \"Available\"" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -72,7 +72,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml index 70fde8318..19669e38b 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1/redisenterpriseclusters.yaml @@ -382,6 +382,9 @@ spec: cacheTTLSeconds: description: "The maximum TTL of cached entries." type: "integer" + directoryTimeoutSeconds: + description: "The connection timeout to the LDAP server when authenticating a user, in seconds" + type: "integer" enabledForControlPlane: description: "Whether to enable LDAP for control plane access. Disabled by default." type: "boolean" @@ -7324,6 +7327,17 @@ spec: - "version" type: "object" type: "array" + certificatesStatus: + description: "Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters." + properties: + generation: + description: "Generation stores the version of the cluster's Proxy and Syncer certificate secrets. In Active-Active databases, when a user updates the proxy or syncer certificate, a crdb-update command needs to be triggered to avoid potential sync issues. This helps the REAADB controller detect a change in a certificate and trigger a crdb-update. The version of the cluster's Proxy certificate secret." + format: "int64" + type: "integer" + updateStatus: + description: "The status of the cluster's certificates update" + type: "string" + type: "object" ingressOrRouteMethodStatus: description: "The ingressOrRouteSpec/ActiveActive spec method that exist" type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml index 658277401..2be532b3c 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseactiveactivedatabases.yaml @@ -60,7 +60,7 @@ spec: - "participatingClusterName" type: "object" alertSettings: - description: "Settings for database alerts" + description: "Settings for database alerts. Note - Alert settings are not supported for Active-Active database." properties: bdb_backup_delayed: description: "Periodic backup has been delayed for longer than specified threshold value [minutes]" @@ -425,7 +425,7 @@ spec: - "name" type: "object" redisVersion: - description: "Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'" + description: "Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database." type: "string" replicaSources: description: "What databases to replicate from" @@ -541,6 +541,10 @@ spec: status: description: "RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase" properties: + clusterCertificatesGeneration: + description: "Versions of the cluster's Proxy and Syncer certificates. In Active-Active databases, these are used to detect updates to the certificates, and trigger synchronization across the participating clusters. ." + format: "int64" + type: "integer" guid: description: "The active-active database corresponding GUID." type: "string" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml index 1f91d68f1..bb9f8cad0 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseclusters.yaml @@ -320,6 +320,8 @@ spec: type: "string" cacheTTLSeconds: type: "integer" + directoryTimeoutSeconds: + type: "integer" enabledForControlPlane: type: "boolean" enabledForDataPlane: @@ -7162,6 +7164,14 @@ spec: - "version" type: "object" type: "array" + certificatesStatus: + properties: + generation: + format: "int64" + type: "integer" + updateStatus: + type: "string" + type: "object" ingressOrRouteMethodStatus: type: "string" licenseStatus: diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml index 032f0e10c..701372be8 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterprisedatabases.yaml @@ -315,7 +315,7 @@ spec: description: "memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB." type: "string" modulesList: - description: "List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map." + description: "List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. Note - if you do not want to upgrade to the latest version you must set upgradeSpec -> upgradeModulesToLatest to false. if you specify a version and do not set the upgradeModulesToLatest it can result errors in the operator. in addition, the option to specify specific version is Deprecated and will be deleted in next releases." items: description: "Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/" properties: @@ -326,7 +326,7 @@ spec: description: "The module's name e.g \"ft\" for redissearch" type: "string" version: - description: "Module's semantic version e.g \"1.6.12\" - optional only in REDB, must be set in REAADB" + description: "DEPRECATED - Module's semantic version e.g \"1.6.12\" - optional only in REDB, must be set in REAADB" type: "string" required: - "name" @@ -448,7 +448,7 @@ spec: description: "Specifications for DB upgrade." properties: upgradeModulesToLatest: - description: "Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifing the version. in addition, This field is currently not supported for Active-Active databases." + description: "DEPRECATED Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifying the version. in addition, This field is currently not supported for Active-Active databases. The default is true" type: "boolean" required: - "upgradeModulesToLatest" diff --git a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml index 0c766ef28..b4fbf2506 100644 --- a/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml +++ b/crd-catalog/RedisLabs/redis-enterprise-k8s-docs/app.redislabs.com/v1alpha1/redisenterpriseremoteclusters.yaml @@ -41,6 +41,9 @@ spec: apiFqdnUrl: description: "The URL of the cluster, will be used for the active-active database URL." type: "string" + apiPort: + description: "The port number of the cluster's URL used for connectivity/sync" + type: "integer" dbFqdnSuffix: description: "The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI." type: "string" @@ -60,6 +63,9 @@ spec: type: "object" status: properties: + internalObservedSecretResourceVersion: + description: "The observed secret resource version. Used for internal purposes only." + type: "string" local: description: "Indicates whether this object represents a local or a remote cluster." type: "boolean" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml index 4dbb90431..e88de7424 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vlogs.yaml @@ -28,10 +28,13 @@ spec: jsonPath: ".status.status" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: - description: "VLogs is the Schema for the vlogs API" + description: "VLogs is fast, cost-effective and scalable logs database.\nVLogs is the Schema for the vlogs API" properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" @@ -605,25 +608,29 @@ spec: description: "VLogsStatus defines the observed state of VLogs" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines a reason in case of update failure" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: - description: "ReplicaCount Total number of non-terminated pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" - status: - description: "UpdateStatus defines a status of vlogs instance rollout" - type: "string" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VLogs." + description: "deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml index 3c9a81b8c..3b82be2f1 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmagents.yaml @@ -36,6 +36,9 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -2529,7 +2532,7 @@ spec: type: "object" type: "array" staticScrapeSelector: - description: "StaticScrapeSelector defines PodScrapes to be selected for target discovery.\nWorks in combination with NamespaceSelector.\nIf both nil - match everything.\nNamespaceSelector nil - only objects at VMAgent namespace.\nSelector nil - only objects at NamespaceSelector namespaces." + description: "StaticScrapeSelector defines VMStaticScrape to be selected for target discovery.\nWorks in combination with NamespaceSelector.\nIf both nil - match everything.\nNamespaceSelector nil - only objects at VMAgent namespace.\nSelector nil - only objects at NamespaceSelector namespaces." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -2861,11 +2864,15 @@ spec: description: "VMAgentStatus defines the observed state of VMAgent" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds)\ntargeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: description: "ReplicaCount Total number of pods targeted by this VMAgent" @@ -2879,14 +2886,14 @@ spec: format: "int32" type: "integer" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VMAgent cluster." + description: "Deprecated" format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAgent\ncluster that have the desired version spec." + description: "Deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml index 375d2e6bf..282937797 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalertmanagers.yaml @@ -26,10 +26,6 @@ spec: scope: "Namespaced" versions: - additionalPrinterColumns: - - description: "The version of VMAlertmanager" - jsonPath: ".spec.image.tag" - name: "Version" - type: "string" - description: "The desired replicas number of Alertmanagers" jsonPath: ".spec.replicaCount" name: "ReplicaCount" @@ -1426,11 +1422,15 @@ spec: status: description: "Most recent observed status of the VMAlertmanager cluster.\nOperator API itself. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" properties: + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason has non empty reason for update failure" + description: "Reason defines fail reason for reconcile process" type: "string" updateStatus: - description: "Status defines a status of object update" + description: "UpdateStatus defines a status for update rollout" type: "string" type: "object" required: diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml index 306d5da7b..47ead9d01 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmalerts.yaml @@ -28,6 +28,13 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - description: "The desired replicas number of Alertmanagers" + jsonPath: ".spec.replicaCount" + name: "ReplicaCount" + type: "integer" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -1221,25 +1228,29 @@ spec: description: "VMAlertStatus defines the observed state of VMAlert" properties: availableReplicas: - description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds)\ntargeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: - description: "ReplicaCount Total number of non-terminated pods targeted by this VMAlert\ncluster (their labels match the selector)." + description: "Deprecated" format: "int32" type: "integer" unavailableReplicas: - description: "UnavailableReplicas Total number of unavailable pods targeted by this VMAlert cluster." + description: "Deprecated" format: "int32" type: "integer" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" updatedReplicas: - description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMAlert\ncluster that have the desired version spec." + description: "Deprecated" format: "int32" type: "integer" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml index e80844bd1..f2421ff48 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmauths.yaml @@ -28,6 +28,13 @@ spec: jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + - description: "The desired replicas number of Alertmanagers" + jsonPath: ".spec.replicaCount" + name: "ReplicaCount" + type: "integer" name: "v1beta1" schema: openAPIV3Schema: @@ -981,11 +988,15 @@ spec: status: description: "VMAuthStatus defines the observed state of VMAuth" properties: + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines fail reason for update process, effective only for statefulMode" + description: "Reason defines fail reason for reconcile process" type: "string" updateStatus: - description: "UpdateStatus defines a status for update rollout, effective only for statefulMode" + description: "UpdateStatus defines a status for update rollout" type: "string" type: "object" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml index 9ec5aa599..1b63a7890 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmclusters.yaml @@ -40,7 +40,7 @@ spec: name: "Age" type: "date" - description: "Current status of cluster" - jsonPath: ".status.clusterStatus" + jsonPath: ".status.updateStatus" name: "Status" type: "string" name: "v1beta1" @@ -2481,17 +2481,22 @@ spec: status: description: "VMClusterStatus defines the observed state of VMCluster" properties: - clusterStatus: - description: "UpdateStatus defines status for application" - type: "string" lastSync: description: "Deprecated." type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: + description: "Reason defines fail reason for reconcile process" type: "string" updateFailCount: description: "Deprecated." type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" required: - "updateFailCount" type: "object" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml index 9843e2867..031ba57c3 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmnodescrapes.yaml @@ -350,6 +350,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -717,6 +719,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml index 919aa49e8..68fd67df5 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmpodscrapes.yaml @@ -384,6 +384,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -769,6 +771,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml index 6246a3f9f..9d42c0aa9 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmprobes.yaml @@ -300,6 +300,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -818,6 +820,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml index bdc25ea67..783c58ad1 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmrules.yaml @@ -144,7 +144,7 @@ spec: description: "Tenant id for group, can be used only with enterprise version of vmalert.\nSee more details [here](https://docs.victoriametrics.com/vmalert#multitenancy)." type: "string" type: - description: "Type defines datasource type for enterprise version of vmalert\npossible values - prometheus,graphite" + description: "Type defines datasource type for enterprise version of vmalert\npossible values - prometheus,graphite,vlogs" type: "string" required: - "name" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml index e1857fd56..6a2c04c27 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmscrapeconfigs.yaml @@ -2525,6 +2525,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -2872,6 +2874,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml index 54b18944f..2bd85bffc 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmservicescrapes.yaml @@ -373,6 +373,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -778,6 +780,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml index e5ba38059..89e11b69f 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmsingles.yaml @@ -25,9 +25,12 @@ spec: versions: - additionalPrinterColumns: - description: "Current status of single node update process" - jsonPath: ".status.singleStatus" + jsonPath: ".status.updateStatus" name: "Status" type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" name: "v1beta1" schema: openAPIV3Schema: @@ -413,7 +416,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true storage: - description: "Storage is the definition of how storage will be used by the VMSingle\nby default it`s empty dir" + description: "Storage is the definition of how storage will be used by the VMSingle\nby default it`s empty dir\nthis option is ignored if storageDataPath is set" properties: accessModes: description: "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" @@ -526,7 +529,7 @@ spec: type: "string" type: "object" storageDataPath: - description: "StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath,\nits users responsibility to mount proper device into given path." + description: "StorageDataPath disables spec.storage option and overrides arg for victoria-metrics binary --storageDataPath,\nits users responsibility to mount proper device into given path.\nIt requires to provide spec.volumes and spec.volumeMounts with at least 1 value" type: "string" storageMetadata: description: "StorageMeta defines annotations and labels attached to PVC for given vmsingle CR" @@ -1091,20 +1094,24 @@ spec: description: "AvailableReplicas Total number of available pods (ready for at least minReadySeconds) targeted by this VMSingle." format: "int32" type: "integer" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" reason: - description: "Reason defines a reason in case of update failure" + description: "Reason defines fail reason for reconcile process" type: "string" replicas: description: "ReplicaCount Total number of non-terminated pods targeted by this VMSingle." format: "int32" type: "integer" - singleStatus: - description: "UpdateStatus defines a status of single node rollout" - type: "string" unavailableReplicas: description: "UnavailableReplicas Total number of unavailable pods targeted by this VMSingle." format: "int32" type: "integer" + updateStatus: + description: "UpdateStatus defines a status for update rollout" + type: "string" updatedReplicas: description: "UpdatedReplicas Total number of non-terminated pods targeted by this VMSingle." format: "int32" diff --git a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml index 5de16c245..1d1745890 100644 --- a/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml +++ b/crd-catalog/VictoriaMetrics/operator/operator.victoriametrics.com/v1beta1/vmstaticscrapes.yaml @@ -365,6 +365,8 @@ spec: enum: - "http" - "https" + - "HTTPS" + - "HTTP" type: "string" scrapeTimeout: description: "Timeout after which the scrape is ended" @@ -706,6 +708,10 @@ spec: lastSyncError: description: "LastSyncError contains error message for unsuccessful config generation" type: "string" + observedGeneration: + description: "ObservedGeneration defines current generation picked by operator for the\nreconcile" + format: "int64" + type: "integer" status: description: "Status defines update status of resource" type: "string" diff --git a/crd-catalog/alexandrevilain/temporal-operator/temporal.io/v1beta1/temporalclusters.yaml b/crd-catalog/alexandrevilain/temporal-operator/temporal.io/v1beta1/temporalclusters.yaml index 4fb132e10..1f4c9fffb 100644 --- a/crd-catalog/alexandrevilain/temporal-operator/temporal.io/v1beta1/temporalclusters.yaml +++ b/crd-catalog/alexandrevilain/temporal-operator/temporal.io/v1beta1/temporalclusters.yaml @@ -1284,6 +1284,17 @@ spec: type: "string" type: "array" type: "object" + nativeHistogramBucketLimit: + description: "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0." + format: "int64" + type: "integer" + nativeHistogramMinBucketFactor: + anyOf: + - type: "integer" + - type: "string" + description: "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0." + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true podTargetLabels: description: "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics." items: @@ -1297,6 +1308,9 @@ spec: description: "The scrape class to apply." minLength: 1 type: "string" + scrapeClassicHistograms: + description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." + type: "boolean" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: diff --git a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml index 8ff097121..03ccbda6f 100644 --- a/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml +++ b/crd-catalog/ansible/awx-operator/awx.ansible.com/v1beta1/awxs.yaml @@ -912,7 +912,6 @@ spec: - "_No_" type: "string" public_base_url: - default: "" description: "Public base URL" type: "string" receptor_log_level: diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml index 9cca00731..0e90e9f50 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/builds.yaml @@ -118,7 +118,7 @@ spec: description: "Task represents the abstract task. Only one of the task should be configured to represent the specific task chosen." properties: buildah: - description: "a BuildahTask, for Buildah strategy\nDeprecated: use jib, s2i or a custom publishing strategy instead" + description: "a BuildahTask, for Buildah strategy\nDeprecated: use jib or a custom publishing strategy instead" properties: baseImage: description: "base image layer" @@ -287,7 +287,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -342,7 +343,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -358,7 +360,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -451,7 +454,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -467,7 +471,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -487,7 +492,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -503,7 +509,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -849,7 +856,7 @@ spec: type: "object" type: "object" kaniko: - description: "a KanikoTask, for Kaniko strategy\nDeprecated: use jib, s2i or a custom publishing strategy instead" + description: "a KanikoTask, for Kaniko strategy\nDeprecated: use jib or a custom publishing strategy instead" properties: baseImage: description: "base image layer" @@ -1025,7 +1032,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1080,7 +1088,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1096,7 +1105,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1189,7 +1199,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1205,7 +1216,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1225,7 +1237,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1241,7 +1254,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1427,7 +1441,7 @@ spec: type: "array" type: "object" s2i: - description: "a S2iTask, for S2I strategy" + description: "a S2iTask, for S2I strategy\nDeprecated: use jib or a custom publishing strategy instead" properties: baseImage: description: "base image layer" @@ -1515,7 +1529,7 @@ spec: type: "string" type: "object" spectrum: - description: "a SpectrumTask, for Spectrum strategy\nDeprecated: use jib, s2i or a custom publishing strategy instead" + description: "a SpectrumTask, for Spectrum strategy\nDeprecated: use jib or a custom publishing strategy instead" properties: baseImage: description: "base image layer" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml index 4a5b79213..4c0557295 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationplatforms.yaml @@ -135,7 +135,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -190,7 +191,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -206,7 +208,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -232,7 +235,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -248,7 +252,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -268,7 +273,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -284,7 +290,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -591,6 +598,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -616,6 +624,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -775,7 +784,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -980,6 +989,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -1694,7 +1704,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1749,7 +1760,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1765,7 +1777,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1791,7 +1804,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1807,7 +1821,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1827,7 +1842,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1843,7 +1859,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2192,6 +2209,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -2217,6 +2235,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -2376,7 +2395,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -2581,6 +2600,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml index e1ec5ed29..1903c99b1 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrationprofiles.yaml @@ -61,7 +61,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -116,7 +117,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -132,7 +134,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -158,7 +161,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -174,7 +178,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -194,7 +199,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -210,7 +216,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -485,6 +492,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -510,6 +518,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -669,7 +678,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -874,6 +883,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -1530,7 +1540,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1585,7 +1596,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1601,7 +1613,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1627,7 +1640,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1643,7 +1657,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1663,7 +1678,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1679,7 +1695,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1991,6 +2008,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -2016,6 +2034,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -2175,7 +2194,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -2380,6 +2399,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml index 8c7f57cc9..63e6e5d9c 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/integrations.yaml @@ -209,11 +209,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -235,7 +237,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -284,7 +287,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -298,6 +302,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -307,7 +314,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -321,7 +329,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -330,6 +339,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -350,6 +360,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -373,6 +384,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -425,6 +437,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -448,6 +461,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -501,6 +515,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -541,6 +556,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -637,6 +653,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -677,6 +694,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -791,6 +809,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -800,12 +830,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -883,6 +915,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -923,6 +956,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1005,6 +1039,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -1014,7 +1051,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1022,6 +1059,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1033,6 +1073,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1053,11 +1096,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1079,7 +1124,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1128,7 +1174,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1142,6 +1189,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1151,7 +1201,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1165,7 +1216,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1174,6 +1226,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" @@ -1194,6 +1247,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1217,6 +1271,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1269,6 +1324,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1292,6 +1348,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1345,6 +1402,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1385,6 +1443,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1481,6 +1540,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1521,6 +1581,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1635,6 +1696,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -1644,12 +1717,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1727,6 +1802,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1767,6 +1843,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1852,6 +1929,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: @@ -1861,7 +1941,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1869,6 +1949,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1880,6 +1963,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1897,11 +1983,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1923,7 +2011,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1972,7 +2061,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1986,6 +2076,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1995,7 +2088,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2009,7 +2103,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2018,6 +2113,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -2038,6 +2134,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2061,6 +2158,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2113,6 +2211,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2136,6 +2235,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2189,6 +2289,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2229,6 +2330,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2325,6 +2427,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2365,6 +2468,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2479,6 +2583,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -2488,12 +2604,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2571,6 +2689,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2611,6 +2730,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2693,6 +2813,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -2702,7 +2825,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -2710,6 +2833,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -2721,6 +2847,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -2739,6 +2868,18 @@ spec: securityContext: description: "PodSecurityContext" properties: + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" fsGroup: description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" @@ -2791,6 +2932,7 @@ spec: format: "int64" type: "integer" type: "array" + x-kubernetes-list-type: "atomic" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -2807,6 +2949,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" windowsOptions: description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: @@ -2852,11 +2995,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2875,7 +3020,7 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: @@ -2969,6 +3114,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" path: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" @@ -2982,7 +3128,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3005,7 +3152,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3042,8 +3190,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3063,7 +3213,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3091,7 +3242,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3134,6 +3285,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" emptyDir: description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" @@ -3166,6 +3318,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: @@ -3243,11 +3396,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3259,7 +3414,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3290,11 +3445,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" wwids: description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" flexVolume: description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." @@ -3317,7 +3474,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3426,6 +3584,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" readOnly: description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" @@ -3433,7 +3592,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3537,11 +3697,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3587,8 +3749,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3604,7 +3768,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3647,6 +3811,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -3671,8 +3836,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -3697,6 +3864,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" quobyte: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" @@ -3740,6 +3908,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" pool: description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" @@ -3750,7 +3919,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3780,7 +3950,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3831,6 +4002,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" optional: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" @@ -3851,7 +4023,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4109,6 +4282,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -4134,6 +4308,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -4293,7 +4468,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -4498,6 +4673,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" @@ -5591,6 +5767,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -5616,6 +5793,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -5775,7 +5953,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -5980,6 +6158,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml index ebf7f4c4b..060a74f37 100644 --- a/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml +++ b/crd-catalog/apache/camel-k/camel.apache.org/v1/pipes.yaml @@ -196,11 +196,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -222,7 +224,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -271,7 +274,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -285,6 +289,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -294,7 +301,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -308,7 +316,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -317,6 +326,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -337,6 +347,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -360,6 +371,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -412,6 +424,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -435,6 +448,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -488,6 +502,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -528,6 +543,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -624,6 +640,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -664,6 +681,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -778,6 +796,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -787,12 +817,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -870,6 +902,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -910,6 +943,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -992,6 +1026,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -1001,7 +1038,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1009,6 +1046,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1020,6 +1060,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1040,11 +1083,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1066,7 +1111,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1115,7 +1161,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1129,6 +1176,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1138,7 +1188,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1152,7 +1203,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1161,6 +1213,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images" type: "string" @@ -1181,6 +1234,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1204,6 +1258,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1256,6 +1311,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -1279,6 +1335,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1332,6 +1389,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1372,6 +1430,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1468,6 +1527,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1508,6 +1568,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1622,6 +1683,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -1631,12 +1704,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1714,6 +1789,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -1754,6 +1830,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -1839,6 +1916,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.\nCannot be updated." items: @@ -1848,7 +1928,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -1856,6 +1936,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -1867,6 +1950,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -1884,11 +1970,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" command: description: "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" env: description: "List of environment variables to set in the container.\nCannot be updated." items: @@ -1910,7 +1998,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1959,7 +2048,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1973,6 +2063,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" envFrom: description: "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated." items: @@ -1982,7 +2075,8 @@ spec: description: "The ConfigMap to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1996,7 +2090,8 @@ spec: description: "The Secret to select from" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2005,6 +2100,7 @@ spec: x-kubernetes-map-type: "atomic" type: "object" type: "array" + x-kubernetes-list-type: "atomic" image: description: "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." type: "string" @@ -2025,6 +2121,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2048,6 +2145,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2100,6 +2198,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" httpGet: description: "HTTPGet specifies the http request to perform." @@ -2123,6 +2222,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2176,6 +2276,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2216,6 +2317,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2312,6 +2414,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2352,6 +2455,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2466,6 +2570,18 @@ spec: allowPrivilegeEscalation: description: "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" capabilities: description: "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows." properties: @@ -2475,12 +2591,14 @@ spec: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" drop: description: "Removed capabilities" items: description: "Capability represent POSIX capabilities type" type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" privileged: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2558,6 +2676,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" failureThreshold: description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." @@ -2598,6 +2717,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" path: description: "Path to access on the HTTP server." type: "string" @@ -2680,6 +2800,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "devicePath" + x-kubernetes-list-type: "map" volumeMounts: description: "Pod volumes to mount into the container's filesystem.\nCannot be updated." items: @@ -2689,7 +2812,7 @@ spec: description: "Path within the container at which the volume should be mounted. Must\nnot contain ':'." type: "string" mountPropagation: - description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10." + description: "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None)." type: "string" name: description: "This must match the Name of a Volume." @@ -2697,6 +2820,9 @@ spec: readOnly: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" + recursiveReadOnly: + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." type: "string" @@ -2708,6 +2834,9 @@ spec: - "name" type: "object" type: "array" + x-kubernetes-list-map-keys: + - "mountPath" + x-kubernetes-list-type: "map" workingDir: description: "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated." type: "string" @@ -2726,6 +2855,18 @@ spec: securityContext: description: "PodSecurityContext" properties: + appArmorProfile: + description: "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\"." + type: "string" + type: + description: "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement." + type: "string" + required: + - "type" + type: "object" fsGroup: description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" @@ -2778,6 +2919,7 @@ spec: format: "int64" type: "integer" type: "array" + x-kubernetes-list-type: "atomic" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -2794,6 +2936,7 @@ spec: - "value" type: "object" type: "array" + x-kubernetes-list-type: "atomic" windowsOptions: description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." properties: @@ -2839,11 +2982,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2862,7 +3007,7 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: @@ -2956,6 +3101,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" path: description: "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /" type: "string" @@ -2969,7 +3115,8 @@ spec: description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2992,7 +3139,8 @@ spec: description: "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3029,8 +3177,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3050,7 +3200,8 @@ spec: description: "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3078,7 +3229,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3121,6 +3272,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" emptyDir: description: "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" @@ -3153,6 +3305,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" dataSource: description: "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource." properties: @@ -3230,11 +3383,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3246,7 +3401,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -3277,11 +3432,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" wwids: description: "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously." items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" type: "object" flexVolume: description: "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin." @@ -3304,7 +3461,8 @@ spec: description: "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3413,6 +3571,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" readOnly: description: "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false." type: "boolean" @@ -3420,7 +3579,8 @@ spec: description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3524,11 +3684,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3574,8 +3736,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3591,7 +3755,7 @@ spec: description: "DownwardAPIVolumeFile represents information to create the file containing the pod field" properties: fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." + description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -3634,6 +3798,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" secret: description: "secret information about the secret data to project" @@ -3658,8 +3823,10 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -3684,6 +3851,7 @@ spec: type: "object" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" quobyte: description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime" @@ -3727,6 +3895,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" pool: description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" @@ -3737,7 +3906,8 @@ spec: description: "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3767,7 +3937,8 @@ spec: description: "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3818,6 +3989,7 @@ spec: - "path" type: "object" type: "array" + x-kubernetes-list-type: "atomic" optional: description: "optional field specify whether the Secret or its keys must be defined" type: "boolean" @@ -3838,7 +4010,8 @@ spec: description: "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4096,6 +4269,7 @@ spec: type: "string" port: description: "To configure a different port exposed by the container (default `8080`)." + format: "int32" type: "integer" portName: description: "To configure a different port name for the port exposed by the container. It defaults to `http` only when the `expose` parameter is true." @@ -4121,6 +4295,7 @@ spec: type: "string" servicePort: description: "To configure under which service port the container port is to be exposed (default `80`)." + format: "int32" type: "integer" servicePortName: description: "To configure under which service port name the container port is to be exposed (default `http`)." @@ -4280,7 +4455,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true discoveryCache: - description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: to be removed from trait configuration." + description: "Discovery client cache to be used, either `disabled`, `disk` or `memory` (default `memory`).\nDeprecated: no longer in use." enum: - "disabled" - "disk" @@ -4485,6 +4660,7 @@ spec: type: "string" port: description: "The Jolokia endpoint port (default `8778`)." + format: "int32" type: "integer" protocol: description: "The protocol to use, either `http` or `https` (default `https` for OpenShift)" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml index f58115c08..102ad1bd7 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/clusters.yaml @@ -2917,7 +2917,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." + description: "Overrides services defined in referenced ComponentDefinition." items: properties: annotations: @@ -7703,7 +7703,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients." + description: "Overrides services defined in referenced ComponentDefinition." items: properties: annotations: @@ -8898,6 +8898,7 @@ spec: - "Deleting" - "Updating" - "Stopping" + - "Starting" - "Running" - "Stopped" - "Failed" @@ -8984,6 +8985,7 @@ spec: - "Deleting" - "Updating" - "Stopping" + - "Starting" - "Running" - "Stopped" - "Failed" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml index e2bb2712e..e8193e65a 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/componentdefinitions.yaml @@ -2411,7 +2411,7 @@ spec: type: "integer" type: "object" dataDump: - description: "Defines the procedure for exporting the data from a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nApplicability:\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nThe output should be a valid data dump streamed to stdout. It must exclude any irrelevant information to ensure\nthat only the necessary data is exported for import into the new replica.\n\n\nNote: This field is immutable once it has been set." + description: "Defines the procedure for exporting the data from a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nApplicability:\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nThe output should be a valid data dump streamed to stdout. It must exclude any irrelevant information to ensure\nthat only the necessary data is exported for import into the new replica.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded.\n\n\nNote: This field is immutable once it has been set." properties: exec: description: "Defines the command to run.\n\n\nThis field cannot be updated." @@ -8812,6 +8812,33 @@ spec: - "name" type: "object" type: "array" + tls: + description: "Specifies the TLS configuration for the Component.\n\n\nThis field is immutable." + properties: + caFile: + description: "The CA file of the TLS.\n\n\nThis field is immutable once set." + type: "string" + certFile: + description: "The certificate file of the TLS.\n\n\nThis field is immutable once set." + type: "string" + defaultMode: + default: 600 + description: "The default permissions for the mounted path.\n\n\nThis field is immutable once set." + format: "int32" + type: "integer" + keyFile: + description: "The key file of the TLS.\n\n\nThis field is immutable once set." + type: "string" + mountPath: + description: "Specifies the mount path for the TLS secret to be mounted.\nSimilar to the volume, the controller will mount the created volume to the specified path within containers when the TLS is enabled.\n\n\nThis field is immutable once set." + type: "string" + volumeName: + description: "Specifies the volume name for the TLS secret.\nThe controller will create a volume object with the specified name and add it to the pod when the TLS is enabled.\n\n\nThis field is immutable once set." + type: "string" + required: + - "mountPath" + - "volumeName" + type: "object" updateStrategy: default: "Serial" description: "Specifies the concurrency strategy for updating multiple instances of the Component.\nAvailable strategies:\n\n\n- `Serial`: Updates replicas one at a time, ensuring minimal downtime by waiting for each replica to become ready\n before updating the next.\n- `Parallel`: Updates all replicas simultaneously, optimizing for speed but potentially reducing availability\n during the update.\n- `BestEffortParallel`: Updates replicas concurrently with a limit on simultaneous updates to ensure a minimum\n number of operational replicas for maintaining quorum.\n\t For example, in a 5-replica component, updating a maximum of 2 replicas simultaneously keeps\n\t at least 3 operational for quorum.\n\n\nThis field is immutable and defaults to 'Serial'." @@ -9299,6 +9326,63 @@ spec: - "Optional" type: "string" type: "object" + tlsVarRef: + description: "Selects a defined var of the TLS." + properties: + compDef: + description: "Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinition\ncustom resource (CR) used by the component that the referent object resident in.\n\n\nIf not specified, the component itself will be used." + type: "string" + enabled: + description: "VarOption defines whether a variable is required or optional." + enum: + - "Required" + - "Optional" + type: "string" + multipleClusterObjectOption: + description: "This option defines the behavior when multiple component objects match the specified @CompDef.\nIf not provided, an error will be raised when handling multiple matches." + properties: + combinedOption: + description: "Define the options for handling combined variables.\nValid only when the strategy is set to \"combined\"." + properties: + flattenFormat: + description: "The flatten format, default is: $(comp-name-1):value,$(comp-name-2):value." + properties: + delimiter: + default: "," + description: "Pair delimiter." + type: "string" + keyValueDelimiter: + default: ":" + description: "Key-value delimiter." + type: "string" + required: + - "delimiter" + - "keyValueDelimiter" + type: "object" + newVarSuffix: + description: "If set, the existing variable will be kept, and a new variable will be defined with the specified suffix\nin pattern: $(var.name)_$(suffix).\nThe new variable will be auto-created and placed behind the existing one.\nIf not set, the existing variable will be reused with the value format defined below." + type: "string" + valueFormat: + default: "Flatten" + description: "The format of the value that the operator will use to compose values from multiple components." + type: "string" + type: "object" + strategy: + description: "Define the strategy for handling multiple cluster objects." + enum: + - "individual" + - "combined" + type: "string" + required: + - "strategy" + type: "object" + name: + description: "Name of the referent object." + type: "string" + optional: + description: "Specify whether the object must be defined." + type: "boolean" + type: "object" type: "object" required: - "name" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml index 14feaab45..82b7e4924 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1/components.yaml @@ -2825,7 +2825,7 @@ spec: maxLength: 32 type: "string" services: - description: "Overrides Services defined in referenced ComponentDefinition and exposes endpoints that can be accessed by clients." + description: "Overrides Services defined in referenced ComponentDefinition." items: description: "ComponentService defines a service that would be exposed as an inter-component service within a Cluster.\nA Service defined in the ComponentService is expected to be accessed by other Components within the same Cluster.\n\n\nWhen a Component needs to use a ComponentService provided by another Component within the same Cluster,\nit can declare a variable in the `componentDefinition.spec.vars` section and bind it to the specific exposed address\nof the ComponentService using the `serviceVarRef` field." properties: @@ -2976,6 +2976,25 @@ spec: - "name" type: "object" type: "array" + sidecars: + description: "Specifies the sidecars to be injected into the Component." + items: + properties: + name: + description: "Name specifies the unique name of the sidecar.\n\n\nThe name will be used as the name of the sidecar container in the Pod." + type: "string" + owner: + description: "Specifies the exact component definition that the sidecar belongs to.\n\n\nA sidecar will be updated when the owner component definition is updated only." + type: "string" + sidecarDef: + description: "Specifies the sidecar definition CR to be used to create the sidecar." + type: "string" + required: + - "name" + - "owner" + - "sidecarDef" + type: "object" + type: "array" stop: description: "Stop the Component.\nIf set, all the computing resources will be released." type: "boolean" @@ -4201,12 +4220,13 @@ spec: format: "int64" type: "integer" phase: - description: "Indicates the current phase of the Component, with each phase indicating specific conditions:\n\n\n- Creating: The initial phase for new Components, transitioning from 'empty'(\"\").\n- Running: All Pods are up-to-date and in a Running state.\n- Updating: The Component is currently being updated, with no failed Pods present.\n- Failed: A significant number of Pods have failed.\n- Stopping: All Pods are being terminated, with current replica count at zero.\n- Stopped: All associated Pods have been successfully deleted.\n- Deleting: The Component is being deleted." + description: "Indicates the current phase of the Component, with each phase indicating specific conditions:\n\n\n- Creating: The initial phase for new Components, transitioning from 'empty'(\"\").\n- Running: All Pods are up-to-date and in a Running state.\n- Updating: The Component is currently being updated, with no failed Pods present.\n- Failed: A significant number of Pods have failed.\n- Stopping: All Pods are being terminated, with current replica count at zero.\n- Stopped: All associated Pods have been successfully deleted.\n- Starting: Pods are being started.\n- Deleting: The Component is being deleted." enum: - "Creating" - "Deleting" - "Updating" - "Stopping" + - "Starting" - "Running" - "Stopped" - "Failed" diff --git a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml index 28a7db755..b6d94fd24 100644 --- a/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml +++ b/crd-catalog/apecloud/kubeblocks/apps.kubeblocks.io/v1alpha1/componentdefinitions.yaml @@ -208,7 +208,7 @@ spec: description: "Defines the procedure to generate a new database account.\n\n\nUse Case:\nThis action is designed to create system accounts that are utilized for replication, monitoring, backup,\nand other administrative tasks.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -395,7 +395,7 @@ spec: description: "Defines the procedure for exporting the data from a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nApplicability:\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nThe output should be a valid data dump streamed to stdout. It must exclude any irrelevant information to ensure\nthat only the necessary data is exported for import into the new replica.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -582,7 +582,7 @@ spec: description: "Defines the procedure for importing data into a replica.\n\n\nUse Case:\nThis action is intended for initializing a newly created replica with data. It involves exporting data\nfrom an existing replica and importing it into the new, empty replica. This is essential for synchronizing\nthe state of replicas across the system.\n\n\nSome database engines or associated sidecar applications (e.g., Patroni) may already provide this functionality.\nIn such cases, this action may not be required.\n\n\nData should be received through stdin. If any error occurs during the process,\nthe action must be able to guarantee idempotence to allow for retries from the beginning.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -769,7 +769,7 @@ spec: description: "Defines the procedure to add a new replica to the replication group.\n\n\nThis action is initiated after a replica pod becomes ready.\n\n\nThe role of the replica (e.g., primary, secondary) will be determined and assigned as part of the action command\nimplementation, or automatically by the database kernel or a sidecar utility like Patroni that implements\na consensus algorithm.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_SERVICE_PORT: The port used by the database service.\n- KB_SERVICE_USER: The username with the necessary permissions to interact with the database service.\n- KB_SERVICE_PASSWORD: The corresponding password for KB_SERVICE_USER to authenticate with the database service.\n- KB_PRIMARY_POD_FQDN: The FQDN of the primary Pod within the replication group.\n- KB_MEMBER_ADDRESSES: A comma-separated list of Pod addresses for all replicas in the group.\n- KB_NEW_MEMBER_POD_NAME: The pod name of the replica being added to the group.\n- KB_NEW_MEMBER_POD_IP: The IP address of the replica being added to the group.\n\n\nExpected action output:\n- On Failure: An error message detailing the reason for any failure encountered\n during the addition of the new member.\n\n\nFor example, to add a new OBServer to an OceanBase Cluster in 'zone1', the following command may be used:\n\n\n```yaml\ncommand:\n- bash\n- -c\n- |\n ADDRESS=$(KB_MEMBER_ADDRESSES%%,*)\n HOST=$(echo $ADDRESS | cut -d ':' -f 1)\n PORT=$(echo $ADDRESS | cut -d ':' -f 2)\n CLIENT=\"mysql -u $KB_SERVICE_USER -p$KB_SERVICE_PASSWORD -P $PORT -h $HOST -e\"\n $CLIENT \"ALTER SYSTEM ADD SERVER '$KB_NEW_MEMBER_POD_IP:$KB_SERVICE_PORT' ZONE 'zone1'\"\n```\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -956,7 +956,7 @@ spec: description: "Defines the procedure to remove a replica from the replication group.\n\n\nThis action is initiated before remove a replica from the group.\nThe operator will wait for MemberLeave to complete successfully before releasing the replica and cleaning up\nrelated Kubernetes resources.\n\n\nThe process typically includes updating configurations and informing other group members about the removal.\nData migration is generally not part of this action and should be handled separately if needed.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_SERVICE_PORT: The port used by the database service.\n- KB_SERVICE_USER: The username with the necessary permissions to interact with the database service.\n- KB_SERVICE_PASSWORD: The corresponding password for KB_SERVICE_USER to authenticate with the database service.\n- KB_PRIMARY_POD_FQDN: The FQDN of the primary Pod within the replication group.\n- KB_MEMBER_ADDRESSES: A comma-separated list of Pod addresses for all replicas in the group.\n- KB_LEAVE_MEMBER_POD_NAME: The pod name of the replica being removed from the group.\n- KB_LEAVE_MEMBER_POD_IP: The IP address of the replica being removed from the group.\n\n\nExpected action output:\n- On Failure: An error message, if applicable, indicating why the action failed.\n\n\nFor example, to remove an OBServer from an OceanBase Cluster in 'zone1', the following command can be executed:\n\n\n```yaml\ncommand:\n- bash\n- -c\n- |\n ADDRESS=$(KB_MEMBER_ADDRESSES%%,*)\n HOST=$(echo $ADDRESS | cut -d ':' -f 1)\n PORT=$(echo $ADDRESS | cut -d ':' -f 2)\n CLIENT=\"mysql -u $KB_SERVICE_USER -p$KB_SERVICE_PASSWORD -P $PORT -h $HOST -e\"\n $CLIENT \"ALTER SYSTEM DELETE SERVER '$KB_LEAVE_MEMBER_POD_IP:$KB_SERVICE_PORT' ZONE 'zone1'\"\n```\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -1143,7 +1143,7 @@ spec: description: "Specifies the hook to be executed after a component's creation.\n\n\nBy setting `postProvision.customHandler.preCondition`, you can determine the specific lifecycle stage\nat which the action should trigger: `Immediately`, `RuntimeReady`, `ComponentReady`, and `ClusterReady`.\nwith `ComponentReady` being the default.\n\n\nThe PostProvision Action is intended to run only once.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., \"pod1,pod2\").\n- KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component\n (e.g., \"pod1,pod2\").\n- KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted\n (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted\n (e.g., \"comp1,comp2\").\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -1330,7 +1330,7 @@ spec: description: "Specifies the hook to be executed prior to terminating a component.\n\n\nThe PreTerminate Action is intended to run only once.\n\n\nThis action is executed immediately when a scale-down operation for the Component is initiated.\nThe actual termination and cleanup of the Component and its associated resources will not proceed\nuntil the PreTerminate action has completed successfully.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_CLUSTER_POD_IP_LIST: Comma-separated list of the cluster's pod IP addresses (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_POD_NAME_LIST: Comma-separated list of the cluster's pod names (e.g., \"pod1,pod2\").\n- KB_CLUSTER_POD_HOST_NAME_LIST: Comma-separated list of host names, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_POD_HOST_IP_LIST: Comma-separated list of host IP addresses, each corresponding to a pod in\n KB_CLUSTER_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_POD_NAME_LIST: Comma-separated list of all pod names within the component\n (e.g., \"pod1,pod2\").\n- KB_CLUSTER_COMPONENT_POD_IP_LIST: Comma-separated list of pod IP addresses,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"podIp1,podIp2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_NAME_LIST: Comma-separated list of host names for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostName1,hostName2\").\n- KB_CLUSTER_COMPONENT_POD_HOST_IP_LIST: Comma-separated list of host IP addresses for each pod,\n matching the order of pods in KB_CLUSTER_COMPONENT_POD_NAME_LIST (e.g., \"hostIp1,hostIp2\").\n\n\n- KB_CLUSTER_COMPONENT_LIST: Comma-separated list of all cluster components (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_DELETING_LIST: Comma-separated list of components that are currently being deleted\n (e.g., \"comp1,comp2\").\n- KB_CLUSTER_COMPONENT_UNDELETED_LIST: Comma-separated list of components that are not being deleted\n (e.g., \"comp1,comp2\").\n\n\n- KB_CLUSTER_COMPONENT_IS_SCALING_IN: Indicates whether the component is currently scaling in.\n If this variable is present and set to \"true\", it denotes that the component is undergoing a scale-in operation.\n During scale-in, data rebalancing is necessary to maintain cluster integrity.\n Contrast this with a cluster deletion scenario where data rebalancing is not required as the entire cluster\n is being cleaned up.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -1517,7 +1517,7 @@ spec: description: "Defines the procedure to switch a replica into the read-only state.\n\n\nUse Case:\nThis action is invoked when the database's volume capacity nears its upper limit and space is about to be exhausted.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_POD_FQDN: The FQDN of the replica pod whose role is being checked.\n- KB_SERVICE_PORT: The port used by the database service.\n- KB_SERVICE_USER: The username with the necessary permissions to interact with the database service.\n- KB_SERVICE_PASSWORD: The corresponding password for KB_SERVICE_USER to authenticate with the database service.\n\n\nExpected action output:\n- On Failure: An error message, if applicable, indicating why the action failed.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -1704,7 +1704,7 @@ spec: description: "Defines the procedure to transition a replica from the read-only state back to the read-write state.\n\n\nUse Case:\nThis action is used to bring back a replica that was previously in a read-only state,\nwhich restricted write operations, to its normal operational state where it can handle\nboth read and write operations.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_POD_FQDN: The FQDN of the replica pod whose role is being checked.\n- KB_SERVICE_PORT: The port used by the database service.\n- KB_SERVICE_USER: The username with the necessary permissions to interact with the database service.\n- KB_SERVICE_PASSWORD: The corresponding password for KB_SERVICE_USER to authenticate with the database service.\n\n\nExpected action output:\n- On Failure: An error message, if applicable, indicating why the action failed.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -1891,7 +1891,7 @@ spec: description: "Defines the procedure that update a replica with new configuration.\n\n\nNote: This field is immutable once it has been set.\n\n\nThis Action is reserved for future versions." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." @@ -2078,7 +2078,7 @@ spec: description: "Defines the procedure which is invoked regularly to assess the role of replicas.\n\n\nThis action is periodically triggered by Lorry at the specified interval to determine the role of each replica.\nUpon successful execution, the action's output designates the role of the replica,\nwhich should match one of the predefined role names within `componentDefinition.spec.roles`.\nThe output is then compared with the previous successful execution result.\nIf a role change is detected, an event is generated to inform the controller,\nwhich initiates an update of the replica's role.\n\n\nDefining a RoleProbe Action for a Component is required if roles are defined for the Component.\nIt ensures replicas are correctly labeled with their respective roles.\nWithout this, services that rely on roleSelectors might improperly direct traffic to wrong replicas.\n\n\nThe container executing this action has access to following environment variables:\n\n\n- KB_POD_FQDN: The FQDN of the Pod whose role is being assessed.\n- KB_SERVICE_PORT: The port used by the database service.\n- KB_SERVICE_USER: The username with the necessary permissions to interact with the database service.\n- KB_SERVICE_PASSWORD: The corresponding password for KB_SERVICE_USER to authenticate with the database service.\n\n\nExpected output of this action:\n- On Success: The determined role of the replica, which must align with one of the roles specified\n in the component definition.\n- On Failure: An error message, if applicable, indicating why the action failed.\n\n\nNote: This field is immutable once it has been set." properties: builtinHandler: - description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." + description: "Specifies the name of the predefined action handler to be invoked for lifecycle actions.\n\n\nLorry, as a sidecar agent co-located with the database container in the same Pod,\nincludes a suite of built-in action implementations that are tailored to different database engines.\nThese are known as \"builtin\" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`,\n`postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`.\n\n\nIf the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler\nto execute the specified lifecycle actions.\n\n\nThe `builtinHandler` field is of type `BuiltinActionHandlerType`,\nwhich represents the name of the built-in handler.\nThe `builtinHandler` specified within the same `ComponentLifecycleActions` should be consistent across all\nactions.\nThis means that if you specify a built-in handler for one action, you should use the same handler\nfor all other actions throughout the entire `ComponentLifecycleActions` collection.\n\n\nIf you need to define lifecycle actions for database engines not covered by the existing built-in support,\nor when the pre-existing built-in handlers do not meet your specific needs,\nyou can use the `customHandler` field to define your own action implementation.\n\n\nDeprecation Notice:\n\n\n- In the future, the `builtinHandler` field will be deprecated in favor of using the `customHandler` field\n for configuring all lifecycle actions.\n- Instead of using a name to indicate the built-in action implementations in Lorry,\n the recommended approach will be to explicitly invoke the desired action implementation through\n a gRPC interface exposed by the sidecar agent.\n- Developers will have the flexibility to either use the built-in action implementations provided by Lorry\n or develop their own sidecar agent to implement custom actions and expose them via gRPC interfaces.\n- This change will allow for greater customization and extensibility of lifecycle actions,\n as developers can create their own \"builtin\" implementations tailored to their specific requirements." type: "string" customHandler: description: "Specifies a user-defined hook or procedure that is called to perform the specific lifecycle action.\nIt offers a flexible and expandable approach for customizing the behavior of a Component by leveraging\ntailored actions.\n\n\nAn Action can be implemented as either an ExecAction or an HTTPAction, with future versions planning\nto support GRPCAction,\nthereby accommodating unique logic for different database systems within the Action's framework.\n\n\nIn future iterations, all built-in handlers are expected to transition to GRPCAction.\nThis change means that Lorry or other sidecar agents will expose the implementation of actions\nthrough a GRPC interface for external invocation.\nThen the controller will interact with these actions via GRPCAction calls." diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml index a2ca34ef2..284024061 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/actionsets.yaml @@ -217,6 +217,11 @@ spec: - "command" - "image" type: "object" + withParameters: + description: "Specifies the parameters used by the backup action" + items: + type: "string" + type: "array" type: "object" backupType: allOf: @@ -225,13 +230,15 @@ spec: - "Incremental" - "Differential" - "Continuous" + - "Selective" - enum: - "Full" - "Incremental" - "Differential" - "Continuous" + - "Selective" default: "Full" - description: "Specifies the backup type. Supported values include:\n\n\n- `Full` for a full backup.\n- `Incremental` back up data that have changed since the last backup (either full or incremental).\n- `Differential` back up data that has changed since the last full backup.\n- `Continuous` back up transaction logs continuously, such as MySQL binlog, PostgreSQL WAL, etc.\n\n\nContinuous backup is essential for implementing Point-in-Time Recovery (PITR)." + description: "Specifies the backup type. Supported values include:\n\n\n- `Full` for a full backup.\n- `Incremental` back up data that have changed since the last backup (either full or incremental).\n- `Differential` back up data that has changed since the last full backup.\n- `Continuous` back up transaction logs continuously, such as MySQL binlog, PostgreSQL WAL, etc.\n- `Selective` back up data more precisely, use custom parameters, such as specific databases or tables.\n\n\nContinuous backup is essential for implementing Point-in-Time Recovery (PITR)." type: "string" env: description: "Specifies a list of environment variables to be set in the container." @@ -351,6 +358,14 @@ spec: type: "object" type: "array" x-kubernetes-preserve-unknown-fields: true + parametersSchema: + description: "Specifies the schema of parameters in backups and restores before their usage." + properties: + openAPIV3Schema: + description: "Defines the schema for parameters using the OpenAPI v3.\nThe supported property types include:\n- string\n- number\n- integer\n- array: Note that only items of string type are supported." + type: "object" + x-kubernetes-preserve-unknown-fields: true + type: "object" restore: description: "Specifies the restore action." properties: @@ -442,6 +457,11 @@ spec: - "command" - "image" type: "object" + withParameters: + description: "Specifies the parameters used by the restore action" + items: + type: "string" + type: "array" type: "object" required: - "backupType" diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml index dfc341de5..eebbc0707 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backups.yaml @@ -88,6 +88,28 @@ spec: default: "Delete" description: "Determines whether the backup contents stored in the backup repository\nshould be deleted when the backup custom resource(CR) is deleted.\nSupported values are `Retain` and `Delete`.\n\n\n- `Retain` means that the backup content and its physical snapshot on backup repository are kept.\n- `Delete` means that the backup content and its physical snapshot on backup repository are deleted.\n\n\nTODO: for the retain policy, we should support in the future for only deleting\n the backup CR but retaining the backup contents in backup repository.\n The current implementation only prevent accidental deletion of backup data." type: "string" + parameters: + description: "Specifies a list of name-value pairs representing parameters and their corresponding values.\nParameters match the schema specified in the `actionset.spec.parametersSchema`" + items: + properties: + name: + description: "Represents the name of the parameter." + type: "string" + value: + description: "Represents the parameter values." + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 128 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + x-kubernetes-validations: + - message: "forbidden to update spec.parameters" + rule: "self == oldSelf" parentBackupName: description: "Determines the parent backup name for incremental or differential backup." type: "string" @@ -101,6 +123,9 @@ spec: - "backupMethod" - "backupPolicyName" type: "object" + x-kubernetes-validations: + - message: "forbidden to update spec.parameters" + rule: "has(oldSelf.parameters) == has(self.parameters)" status: description: "BackupStatus defines the observed state of Backup." properties: diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backupschedules.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backupschedules.yaml index bb27ac41d..34dc99649 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backupschedules.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/backupschedules.yaml @@ -59,6 +59,28 @@ spec: enabled: description: "Specifies whether the backup schedule is enabled or not." type: "boolean" + name: + description: "Specifies the name of the schedule. Names cannot be duplicated.\nIf the name is empty, it will be considered the same as the value of the backupMethod below." + type: "string" + parameters: + description: "Specifies a list of name-value pairs representing parameters and their corresponding values.\nParameters match the schema specified in the `actionset.spec.parametersSchema`" + items: + properties: + name: + description: "Represents the name of the parameter." + type: "string" + value: + description: "Represents the parameter values." + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 128 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" retentionPeriod: default: "7d" description: "Determines the duration for which the backup should be kept.\nKubeBlocks will remove all backups that are older than the RetentionPeriod.\nFor example, RetentionPeriod of `30d` will keep only the backups of last 30 days.\nSample duration format:\n\n\n- years: \t2y\n- months: \t6mo\n- days: \t\t30d\n- hours: \t12h\n- minutes: \t30m\n\n\nYou can also combine the above durations. For example: 30d12h30m" diff --git a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml index 19b12745b..7c87a2523 100644 --- a/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml +++ b/crd-catalog/apecloud/kubeblocks/dataprotection.kubeblocks.io/v1alpha1/restores.yaml @@ -201,6 +201,28 @@ spec: type: "object" type: "array" x-kubernetes-preserve-unknown-fields: true + parameters: + description: "Specifies a list of name-value pairs representing parameters and their corresponding values.\nParameters match the schema specified in the `actionset.spec.parametersSchema`" + items: + properties: + name: + description: "Represents the name of the parameter." + type: "string" + value: + description: "Represents the parameter values." + type: "string" + required: + - "name" + - "value" + type: "object" + maxItems: 128 + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + x-kubernetes-validations: + - message: "forbidden to update spec.parameters" + rule: "self == oldSelf" prepareDataConfig: description: "Configuration for the action of \"prepareData\" phase, including the persistent volume claims\nthat need to be restored and scheduling strategy of temporary recovery pod." properties: @@ -1493,6 +1515,9 @@ spec: required: - "backup" type: "object" + x-kubernetes-validations: + - message: "forbidden to update spec.parameters" + rule: "has(oldSelf.parameters) == has(self.parameters)" status: description: "RestoreStatus defines the observed state of Restore" properties: diff --git a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml index 3d840f1fb..26ab586cf 100644 --- a/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml +++ b/crd-catalog/application-stacks/runtime-component-operator/rc.app.stacks/v1/runtimecomponents.yaml @@ -4872,6 +4872,10 @@ spec: type: description: "Defines the type of status condition." type: "string" + unchangedConditionCount: + description: "The count of the number of reconciles the condition status type has not changed." + format: "int32" + type: "integer" type: "object" type: "array" x-kubernetes-list-type: "atomic" @@ -4897,6 +4901,10 @@ spec: description: "The generation identifier of this RuntimeComponent instance completely reconciled by the Operator." format: "int64" type: "integer" + reconcileInterval: + description: "The reconciliation interval in seconds." + format: "int32" + type: "integer" references: additionalProperties: type: "string" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml index 8f8d579b6..2b3535ecc 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applications.yaml @@ -96,6 +96,10 @@ spec: sync: description: "Sync contains parameters for the operation" properties: + autoHealAttemptsCount: + description: "SelfHealAttemptsCount contains the number of auto-heal attempts" + format: "int64" + type: "integer" dryRun: description: "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync" type: "boolean" @@ -196,6 +200,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -212,6 +221,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -256,6 +271,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -286,6 +306,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -474,6 +497,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -490,6 +518,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -534,6 +568,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -564,6 +603,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -842,6 +884,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -858,6 +905,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -902,6 +955,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -932,6 +990,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1120,6 +1181,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1136,6 +1202,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1180,6 +1252,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1210,6 +1287,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1528,6 +1608,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1544,6 +1629,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1588,6 +1679,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1618,6 +1714,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -1806,6 +1905,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -1822,6 +1926,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -1866,6 +1976,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1896,6 +2011,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2090,6 +2208,10 @@ spec: sync: description: "Sync contains parameters for the operation" properties: + autoHealAttemptsCount: + description: "SelfHealAttemptsCount contains the number of auto-heal attempts" + format: "int64" + type: "integer" dryRun: description: "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync" type: "boolean" @@ -2190,6 +2312,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2206,6 +2333,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2250,6 +2383,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2280,6 +2418,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2468,6 +2609,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2484,6 +2630,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2528,6 +2680,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2558,6 +2715,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -2847,6 +3007,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -2863,6 +3028,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -2907,6 +3078,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2937,6 +3113,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3125,6 +3304,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3141,6 +3325,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3185,6 +3375,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3215,6 +3410,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3526,6 +3724,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3542,6 +3745,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3586,6 +3795,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3616,6 +3830,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" @@ -3804,6 +4021,11 @@ spec: helm: description: "Helm holds helm specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" fileParameters: description: "FileParameters are file parameters to the helm template" items: @@ -3820,6 +4042,12 @@ spec: ignoreMissingValueFiles: description: "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values" type: "boolean" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" + namespace: + description: "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace." + type: "string" parameters: description: "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation" items: @@ -3864,6 +4092,11 @@ spec: kustomize: description: "Kustomize holds kustomize specific options" properties: + apiVersions: + description: "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind." + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3894,6 +4127,9 @@ spec: description: "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:" type: "string" type: "array" + kubeVersion: + description: "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster." + type: "string" labelWithoutSelector: description: "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not" type: "boolean" diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml index d28e5e45d..4ffd5b10d 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/applicationsets.yaml @@ -51,11 +51,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -193,6 +195,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -204,6 +210,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -235,6 +245,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -257,6 +271,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -409,6 +425,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -420,6 +440,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -451,6 +475,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -473,6 +501,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -648,11 +678,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -785,6 +817,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -796,6 +832,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -827,6 +867,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -849,6 +893,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1001,6 +1047,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1012,6 +1062,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1043,6 +1097,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1065,6 +1123,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1380,6 +1440,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1391,6 +1455,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1422,6 +1490,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1444,6 +1516,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1596,6 +1670,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1607,6 +1685,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1638,6 +1720,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -1660,6 +1746,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -1955,6 +2043,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -1966,6 +2058,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -1997,6 +2093,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2019,6 +2119,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2171,6 +2273,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2182,6 +2288,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2213,6 +2323,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2235,6 +2349,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2411,11 +2527,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -2553,6 +2671,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2564,6 +2686,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2595,6 +2721,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2617,6 +2747,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -2769,6 +2901,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -2780,6 +2916,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -2811,6 +2951,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -2833,6 +2977,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3008,11 +3154,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -3145,6 +3293,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3156,6 +3308,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3187,6 +3343,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3209,6 +3369,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3361,6 +3523,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3372,6 +3538,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3403,6 +3573,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3425,6 +3599,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3740,6 +3916,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3751,6 +3931,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3782,6 +3966,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -3804,6 +3992,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -3956,6 +4146,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -3967,6 +4161,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -3998,6 +4196,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4020,6 +4222,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4315,6 +4519,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4326,6 +4534,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4357,6 +4569,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4379,6 +4595,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4531,6 +4749,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4542,6 +4764,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4573,6 +4799,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4595,6 +4825,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -4898,6 +5130,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -4909,6 +5145,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -4940,6 +5180,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -4962,6 +5206,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5114,6 +5360,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5125,6 +5375,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5156,6 +5410,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5178,6 +5436,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5436,6 +5696,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -5511,6 +5798,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -5663,6 +5960,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5674,6 +5975,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5705,6 +6010,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5727,6 +6036,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -5879,6 +6190,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -5890,6 +6205,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -5921,6 +6240,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -5943,6 +6266,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6191,6 +6516,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -6271,7 +6623,17 @@ spec: type: "boolean" api: type: "string" - group: + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + group: type: "string" includeSharedProjects: type: "boolean" @@ -6423,6 +6785,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -6434,6 +6800,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -6465,6 +6835,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -6487,6 +6861,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6639,6 +7015,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -6650,6 +7030,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -6681,6 +7065,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -6703,6 +7091,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -6874,11 +7264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7013,6 +7405,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7024,6 +7420,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7055,6 +7455,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7077,6 +7481,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7229,6 +7635,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7240,6 +7650,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7271,6 +7685,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7293,6 +7711,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7471,11 +7891,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -7613,6 +8035,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7624,6 +8050,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7655,6 +8085,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7677,6 +8111,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -7829,6 +8265,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -7840,6 +8280,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -7871,6 +8315,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -7893,6 +8341,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8068,11 +8518,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -8205,6 +8657,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8216,6 +8672,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8247,6 +8707,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8269,6 +8733,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8421,6 +8887,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8432,6 +8902,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8463,6 +8937,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8485,6 +8963,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -8800,6 +9280,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -8811,6 +9295,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -8842,6 +9330,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -8864,6 +9356,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9016,6 +9510,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9027,6 +9525,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9058,6 +9560,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9080,6 +9586,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9375,6 +9883,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9386,6 +9898,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9417,6 +9933,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9439,6 +9959,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9591,6 +10113,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9602,6 +10128,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -9633,6 +10163,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -9655,6 +10189,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -9958,6 +10494,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -9969,6 +10509,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10000,6 +10544,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10022,6 +10570,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10174,6 +10724,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10185,6 +10739,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10216,6 +10774,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10238,6 +10800,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10496,6 +11060,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -10571,6 +11162,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -10723,6 +11324,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10734,6 +11339,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10765,6 +11374,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -10787,6 +11400,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -10939,6 +11554,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -10950,6 +11569,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -10981,6 +11604,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11003,6 +11630,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11251,6 +11880,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -11331,6 +11987,16 @@ spec: type: "boolean" api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" group: type: "string" includeSharedProjects: @@ -11483,6 +12149,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -11494,6 +12164,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -11525,6 +12199,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11547,6 +12225,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11699,6 +12379,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -11710,6 +12394,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -11741,6 +12429,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -11763,6 +12455,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -11934,11 +12628,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -12077,6 +12773,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12088,6 +12788,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12119,6 +12823,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12141,6 +12849,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12293,6 +13003,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12304,6 +13018,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12335,6 +13053,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12357,6 +13079,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12659,6 +13383,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12670,6 +13398,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12701,6 +13433,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12723,6 +13459,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -12875,6 +13613,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -12886,6 +13628,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -12917,6 +13663,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -12939,6 +13689,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13197,6 +13949,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" repo: @@ -13272,6 +14051,16 @@ spec: properties: api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" insecure: type: "boolean" labels: @@ -13424,6 +14213,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -13435,6 +14228,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -13466,6 +14263,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -13488,6 +14289,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13640,6 +14443,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -13651,6 +14458,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -13682,6 +14493,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -13704,6 +14519,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -13952,6 +14769,33 @@ spec: - "passwordRef" - "username" type: "object" + bearerToken: + properties: + tokenRef: + properties: + key: + type: "string" + secretName: + type: "string" + required: + - "key" + - "secretName" + type: "object" + required: + - "tokenRef" + type: "object" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" + insecure: + type: "boolean" project: type: "string" required: @@ -14032,6 +14876,16 @@ spec: type: "boolean" api: type: "string" + caRef: + properties: + configMapName: + type: "string" + key: + type: "string" + required: + - "configMapName" + - "key" + type: "object" group: type: "string" includeSharedProjects: @@ -14184,6 +15038,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14195,6 +15053,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14226,6 +15088,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14248,6 +15114,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -14400,6 +15268,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14411,6 +15283,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14442,6 +15318,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14464,6 +15344,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -14635,11 +15517,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -14849,6 +15733,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -14860,6 +15748,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -14891,6 +15783,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -14913,6 +15809,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: @@ -15065,6 +15963,10 @@ spec: type: "object" helm: properties: + apiVersions: + items: + type: "string" + type: "array" fileParameters: items: properties: @@ -15076,6 +15978,10 @@ spec: type: "array" ignoreMissingValueFiles: type: "boolean" + kubeVersion: + type: "string" + namespace: + type: "string" parameters: items: properties: @@ -15107,6 +16013,10 @@ spec: type: "object" kustomize: properties: + apiVersions: + items: + type: "string" + type: "array" commonAnnotations: additionalProperties: type: "string" @@ -15129,6 +16039,8 @@ spec: items: type: "string" type: "array" + kubeVersion: + type: "string" labelWithoutSelector: type: "boolean" namePrefix: diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml index 28e52e69b..1c538c867 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1alpha1/appprojects.yaml @@ -64,6 +64,25 @@ spec: description: description: "Description contains optional project description" type: "string" + destinationServiceAccounts: + description: "DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination." + items: + description: "ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation." + properties: + defaultServiceAccount: + description: "DefaultServiceAccount to be used for impersonation during the sync operation" + type: "string" + namespace: + description: "Namespace specifies the target namespace for the application's resources." + type: "string" + server: + description: "Server specifies the URL of the target cluster's Kubernetes control plane API." + type: "string" + required: + - "defaultServiceAccount" + - "server" + type: "object" + type: "array" destinations: description: "Destinations contains list of destinations available for deployment" items: diff --git a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1beta1/argocds.yaml b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1beta1/argocds.yaml index cde934bf0..1c466d486 100644 --- a/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1beta1/argocds.yaml +++ b/crd-catalog/argoproj-labs/argocd-operator/argoproj.io/v1beta1/argocds.yaml @@ -2294,6 +2294,9 @@ spec: description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" + respectRBAC: + description: "RespectRBAC restricts controller from discovering/syncing specific resources, Defaults is empty if not configured. Valid options are strict and normal." + type: "string" sharding: description: "Sharding contains the options for the Application Controller sharding configuration." properties: diff --git a/crd-catalog/aws/amazon-cloudwatch-agent-operator/cloudwatch.aws.amazon.com/v1alpha1/amazoncloudwatchagents.yaml b/crd-catalog/aws/amazon-cloudwatch-agent-operator/cloudwatch.aws.amazon.com/v1alpha1/amazoncloudwatchagents.yaml index cca01fd86..f87e2f6b6 100644 --- a/crd-catalog/aws/amazon-cloudwatch-agent-operator/cloudwatch.aws.amazon.com/v1alpha1/amazoncloudwatchagents.yaml +++ b/crd-catalog/aws/amazon-cloudwatch-agent-operator/cloudwatch.aws.amazon.com/v1alpha1/amazoncloudwatchagents.yaml @@ -3006,6 +3006,30 @@ spec: priorityClassName: description: "If specified, indicates the pod's priority.\nIf not specified, the pod priority will be default or zero if there is no\ndefault." type: "string" + prometheus: + description: "Prometheus is the raw YAML to be used as the collector's prometheus configuration." + properties: + config: + description: "AnyConfig represent parts of the config." + type: "object" + x-kubernetes-preserve-unknown-fields: true + report_extra_scrape_metrics: + type: "boolean" + x-kubernetes-preserve-unknown-fields: true + start_time_metric_regex: + type: "string" + x-kubernetes-preserve-unknown-fields: true + target_allocator: + description: "AnyConfig represent parts of the config." + type: "object" + x-kubernetes-preserve-unknown-fields: true + trim_metric_suffixes: + type: "boolean" + x-kubernetes-preserve-unknown-fields: true + use_start_time_metric: + type: "boolean" + x-kubernetes-preserve-unknown-fields: true + type: "object" replicas: description: "Replicas is the number of pod instances for the underlying OpenTelemetry Collector. Set this if your are not using autoscaling" format: "int32" @@ -3137,6 +3161,878 @@ spec: serviceAccount: description: "ServiceAccount indicates the name of an existing service account to use with this instance. When set,\nthe operator will not automatically create a ServiceAccount for the collector." type: "string" + targetAllocator: + description: "TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not." + properties: + affinity: + description: "If specified, indicates the pod's scheduling constraints" + properties: + nodeAffinity: + description: "Describes node affinity scheduling rules for the pod." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred." + items: + description: "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op)." + properties: + preference: + description: "A node selector term, associated with the corresponding weight." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + weight: + description: "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100." + format: "int32" + type: "integer" + required: + - "preference" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." + properties: + nodeSelectorTerms: + description: "Required. A list of node selector terms. The terms are ORed." + items: + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + properties: + matchExpressions: + description: "A list of node selector requirements by node's labels." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchFields: + description: "A list of node selector requirements by node's fields." + items: + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." + properties: + key: + description: "The label key that the selector applies to." + type: "string" + operator: + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + type: "string" + values: + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + required: + - "nodeSelectorTerms" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + podAffinity: + description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + podAntiAffinity: + description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred." + items: + description: "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)" + properties: + podAffinityTerm: + description: "Required. A pod affinity term, associated with the corresponding weight." + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + weight: + description: "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100." + format: "int32" + type: "integer" + required: + - "podAffinityTerm" + - "weight" + type: "object" + type: "array" + requiredDuringSchedulingIgnoredDuringExecution: + description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." + items: + description: "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running" + properties: + labelSelector: + description: "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + mismatchLabelKeys: + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + namespaceSelector: + description: "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + namespaces: + description: "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\"." + items: + type: "string" + type: "array" + topologyKey: + description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." + type: "string" + required: + - "topologyKey" + type: "object" + type: "array" + type: "object" + type: "object" + allocationStrategy: + description: "AllocationStrategy determines which strategy the target allocator should use for allocation.\nThe current option is consistent-hashing." + enum: + - "consistent-hashing" + type: "string" + enabled: + description: "Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not." + type: "boolean" + env: + description: "ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be\nconsumed in the config file for the TargetAllocator." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + filterStrategy: + description: "FilterStrategy determines how to filter targets before allocating them among the collectors.\nThe only current option is relabel-config (drops targets based on prom relabel_config).\nFiltering is disabled by default." + type: "string" + image: + description: "Image indicates the container image to use for the OpenTelemetry TargetAllocator." + type: "string" + nodeSelector: + additionalProperties: + type: "string" + description: "NodeSelector to schedule OpenTelemetry TargetAllocator pods." + type: "object" + prometheusCR: + description: "PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval.\nAll CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces." + properties: + enabled: + description: "Enabled indicates whether to use a PrometheusOperator custom resources as targets or not." + type: "boolean" + podMonitorSelector: + additionalProperties: + type: "string" + description: "PodMonitors to be selected for target discovery.\nThis is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a\nPodMonitor's meta labels. The requirements are ANDed." + type: "object" + scrapeInterval: + default: "30s" + description: "Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD.\n\n\nDefault: \"30s\"" + format: "duration" + type: "string" + serviceMonitorSelector: + additionalProperties: + type: "string" + description: "ServiceMonitors to be selected for target discovery.\nThis is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a\nServiceMonitor's meta labels. The requirements are ANDed." + type: "object" + type: "object" + replicas: + description: "Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value\nother than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy\nthat can be run in a high availability mode is consistent-hashing." + format: "int32" + type: "integer" + resources: + description: "Resources to set on the OpenTelemetryTargetAllocator containers." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + securityContext: + description: "SecurityContext configures the container security context for\nthe target-allocator." + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + fsGroupChangePolicy: + description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" + runAsGroup: + description: "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + runAsNonRoot: + description: "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "boolean" + runAsUser: + description: "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows." + format: "int64" + type: "integer" + seLinuxOptions: + description: "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows." + properties: + level: + description: "Level is SELinux level label that applies to the container." + type: "string" + role: + description: "Role is a SELinux role label that applies to the container." + type: "string" + type: + description: "Type is a SELinux type label that applies to the container." + type: "string" + user: + description: "User is a SELinux user label that applies to the container." + type: "string" + type: "object" + seccompProfile: + description: "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows." + properties: + localhostProfile: + description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." + type: "string" + type: + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + type: "string" + required: + - "type" + type: "object" + supplementalGroups: + description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + items: + format: "int64" + type: "integer" + type: "array" + sysctls: + description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." + items: + description: "Sysctl defines a kernel parameter to be set" + properties: + name: + description: "Name of a property to set" + type: "string" + value: + description: "Value of a property to set" + type: "string" + required: + - "name" + - "value" + type: "object" + type: "array" + windowsOptions: + description: "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux." + properties: + gmsaCredentialSpec: + description: "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field." + type: "string" + gmsaCredentialSpecName: + description: "GMSACredentialSpecName is the name of the GMSA credential spec to use." + type: "string" + hostProcess: + description: "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true." + type: "boolean" + runAsUserName: + description: "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence." + type: "string" + type: "object" + type: "object" + serviceAccount: + description: "ServiceAccount indicates the name of an existing service account to use with this instance. When set,\nthe operator will not automatically create a ServiceAccount for the TargetAllocator." + type: "string" + tolerations: + description: "Toleration embedded kubernetes pod configuration option,\ncontrols how pods can be scheduled with matching taints" + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" + topologySpreadConstraints: + description: "TopologySpreadConstraints embedded kubernetes pod configuration option,\ncontrols how pods are spread across your cluster among failure-domains\nsuch as regions, zones, nodes, and other user-defined topology domains\nhttps://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/" + items: + description: "TopologySpreadConstraint specifies how to spread matching pods among the given topology." + properties: + labelSelector: + description: "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + maxSkew: + description: "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed." + format: "int32" + type: "integer" + minDomains: + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.\n\n\nThis is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: "int32" + type: "integer" + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: "string" + topologyKey: + description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." + type: "string" + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field." + type: "string" + required: + - "maxSkew" + - "topologyKey" + - "whenUnsatisfiable" + type: "object" + type: "array" + type: "object" terminationGracePeriodSeconds: description: "Duration in seconds the pod needs to terminate gracefully upon probe failure." format: "int64" diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml index 2548dde63..9d792f57b 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.k8s.aws/v1/ec2nodeclasses.yaml @@ -84,7 +84,7 @@ spec: tags: additionalProperties: type: "string" - description: "Tags is a map of key/value tags used to select subnets\nSpecifying '*' for a value selects all values for a given tag key." + description: "Tags is a map of key/value tags used to select amis.\nSpecifying '*' for a value selects all values for a given tag key." maxProperties: 20 type: "object" x-kubernetes-validations: @@ -334,7 +334,7 @@ spec: tags: additionalProperties: type: "string" - description: "Tags is a map of key/value tags used to select subnets\nSpecifying '*' for a value selects all values for a given tag key." + description: "Tags is a map of key/value tags used to select security groups.\nSpecifying '*' for a value selects all values for a given tag key." maxProperties: 20 type: "object" x-kubernetes-validations: @@ -512,7 +512,7 @@ spec: description: "InstanceProfile contains the resolved instance profile for the role" type: "string" securityGroups: - description: "SecurityGroups contains the current Security Groups values that are available to the\ncluster under the SecurityGroups selectors." + description: "SecurityGroups contains the current security group values that are available to the\ncluster under the SecurityGroups selectors." items: description: "SecurityGroup contains resolved SecurityGroup selector values utilized for node launch" properties: @@ -527,7 +527,7 @@ spec: type: "object" type: "array" subnets: - description: "Subnets contains the current Subnet values that are available to the\ncluster under the subnet selectors." + description: "Subnets contains the current subnet values that are available to the\ncluster under the subnet selectors." items: description: "Subnet contains resolved Subnet selector values utilized for node launch" properties: diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml index f915fce2f..c9b5e9b6f 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodeclaims.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "nodeclaims.karpenter.sh" spec: group: "karpenter.sh" @@ -74,12 +74,21 @@ spec: description: "API version of the referent" pattern: "^[^/]*$" type: "string" + x-kubernetes-validations: + - message: "group may not be empty" + rule: "self != ''" kind: description: "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"" type: "string" + x-kubernetes-validations: + - message: "kind may not be empty" + rule: "self != ''" name: description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" + x-kubernetes-validations: + - message: "name may not be empty" + rule: "self != ''" required: - "group" - "kind" @@ -105,7 +114,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self != \"kubernetes.io/hostname\"" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" + rule: "self in [\"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" minValues: description: "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement." maximum: 50.0 diff --git a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml index ad5eed418..801075601 100644 --- a/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml +++ b/crd-catalog/aws/karpenter-provider-aws/karpenter.sh/v1/nodepools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "nodepools.karpenter.sh" spec: group: "karpenter.sh" @@ -78,9 +78,9 @@ spec: pattern: "^((100|[0-9]{1,2})%|[0-9]+)$" type: "string" reasons: - description: "Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods.\nOtherwise, this will apply to each reason defined.\nallowed reasons are Underutilized, Empty, and Drifted and additional CloudProvider-specific reasons." + description: "Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods.\nOtherwise, this will apply to each reason defined.\nallowed reasons are Underutilized, Empty, and Drifted." items: - description: "DisruptionReason defines valid reasons for disruption budgets.\nCloudProviders will need to append to the list of enums when implementing cloud provider disruption reasons" + description: "DisruptionReason defines valid reasons for disruption budgets." enum: - "Underutilized" - "Empty" @@ -152,7 +152,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self.all(x, x != \"kubernetes.io/hostname\")" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self.all(x, x in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))" + rule: "self.all(x, x in [\"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !x.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\"))" type: "object" spec: description: "NodeClaimTemplateSpec describes the desired state of the NodeClaim in the Nodepool\nNodeClaimTemplateSpec is used in the NodePool's NodeClaimTemplate, with the resource requests omitted since\nusers are not able to set resource requests in the NodePool." @@ -169,17 +169,31 @@ spec: description: "API version of the referent" pattern: "^[^/]*$" type: "string" + x-kubernetes-validations: + - message: "group may not be empty" + rule: "self != ''" kind: description: "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"" type: "string" + x-kubernetes-validations: + - message: "kind may not be empty" + rule: "self != ''" name: description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names" type: "string" + x-kubernetes-validations: + - message: "name may not be empty" + rule: "self != ''" required: - "group" - "kind" - "name" type: "object" + x-kubernetes-validations: + - message: "nodeClassRef.group is immutable" + rule: "self.group == oldSelf.group" + - message: "nodeClassRef.kind is immutable" + rule: "self.kind == oldSelf.kind" requirements: description: "Requirements are layered with GetLabels and applied to every node." items: @@ -202,7 +216,7 @@ spec: - message: "label \"kubernetes.io/hostname\" is restricted" rule: "self != \"kubernetes.io/hostname\"" - message: "label domain \"karpenter.k8s.aws\" is restricted" - rule: "self in [\"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\",\"karpenter.k8s.aws/instance-cpu-manufacturer\",\"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" + rule: "self in [\"karpenter.k8s.aws/ec2nodeclass\", \"karpenter.k8s.aws/instance-encryption-in-transit-supported\", \"karpenter.k8s.aws/instance-category\", \"karpenter.k8s.aws/instance-hypervisor\", \"karpenter.k8s.aws/instance-family\", \"karpenter.k8s.aws/instance-generation\", \"karpenter.k8s.aws/instance-local-nvme\", \"karpenter.k8s.aws/instance-size\", \"karpenter.k8s.aws/instance-cpu\", \"karpenter.k8s.aws/instance-cpu-manufacturer\", \"karpenter.k8s.aws/instance-cpu-sustained-clock-speed-mhz\", \"karpenter.k8s.aws/instance-memory\", \"karpenter.k8s.aws/instance-ebs-bandwidth\", \"karpenter.k8s.aws/instance-network-bandwidth\", \"karpenter.k8s.aws/instance-gpu-name\", \"karpenter.k8s.aws/instance-gpu-manufacturer\", \"karpenter.k8s.aws/instance-gpu-count\", \"karpenter.k8s.aws/instance-gpu-memory\", \"karpenter.k8s.aws/instance-accelerator-name\", \"karpenter.k8s.aws/instance-accelerator-manufacturer\", \"karpenter.k8s.aws/instance-accelerator-count\"] || !self.find(\"^([^/]+)\").endsWith(\"karpenter.k8s.aws\")" minValues: description: "This field is ALPHA and can be dropped or replaced at any time\nMinValues is the minimum number of unique values required to define the flexibility of the specific requirement." maximum: 50.0 diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml index cb13bde80..480a4cae1 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwideenvoyconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumclusterwideenvoyconfigs.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml index f4fe85468..aa1615d58 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumclusterwidenetworkpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumclusterwidenetworkpolicies.cilium.io" spec: group: "cilium.io" @@ -119,6 +119,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -129,6 +133,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -215,10 +260,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -420,10 +467,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -724,6 +773,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -734,6 +787,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -1107,6 +1201,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -1117,6 +1215,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -1460,10 +1599,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -1625,6 +1766,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -1635,6 +1780,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -2030,6 +2216,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -2040,6 +2230,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -2126,10 +2357,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -2331,10 +2564,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -2635,6 +2870,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -2645,6 +2884,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -3018,6 +3298,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -3028,6 +3312,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -3371,10 +3696,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -3536,6 +3863,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -3546,6 +3877,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml index a4b00868f..59e376b15 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumegressgatewaypolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumegressgatewaypolicies.cilium.io" spec: group: "cilium.io" @@ -147,6 +147,47 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + nodeSelector: + description: "This is a label selector which selects Pods by Node. This field follows standard label\nselector semantics; if present but empty, it selects all nodes." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" podSelector: description: "This is a label selector which selects Pods. This field follows standard label\nselector semantics; if present but empty, it selects all pods." properties: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml index 83bd8e1c6..4aa32caf0 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumendpoints.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumendpoints.cilium.io" spec: group: "cilium.io" @@ -182,7 +182,7 @@ spec: description: "EndpointStatusChange Indication of a change of status\n\nswagger:model EndpointStatusChange" properties: code: - description: "Code indicate type of status change\nEnum: [ok failed]" + description: "Code indicate type of status change\nEnum: [\"ok\",\"failed\"]" type: "string" message: description: "Status message" @@ -207,7 +207,7 @@ spec: description: "Layer 4 port number" type: "integer" protocol: - description: "Layer 4 protocol\nEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]" + description: "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]" type: "string" type: "object" type: "array" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml index e761dc16d..d92b4e2af 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumenvoyconfigs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumenvoyconfigs.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml index 2257422fb..34bc7c6b2 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumexternalworkloads.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumexternalworkloads.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml index ed21b8ec0..272402cf5 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumidentities.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumidentities.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml index e789f7ad4..6334f684d 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumlocalredirectpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumlocalredirectpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml index 8c42caae3..f4ee05403 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnetworkpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumnetworkpolicies.cilium.io" spec: group: "cilium.io" @@ -123,6 +123,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -133,6 +137,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -219,10 +264,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -424,10 +471,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -728,6 +777,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -738,6 +791,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -1111,6 +1205,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -1121,6 +1219,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -1464,10 +1603,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -1629,6 +1770,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -1639,6 +1784,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -2034,6 +2220,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -2044,6 +2234,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -2130,10 +2361,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -2335,10 +2568,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -2639,6 +2874,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -2649,6 +2888,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -3022,6 +3302,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -3032,6 +3316,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: @@ -3375,10 +3700,12 @@ spec: properties: matchName: description: "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing." + maxLength: 255 pattern: "^([-a-zA-Z0-9_]+[.]?)+$" type: "string" matchPattern: description: "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not" + maxLength: 255 pattern: "^([-a-zA-Z0-9_*]+[.]?)+$" type: "string" type: "object" @@ -3540,6 +3867,10 @@ spec: cidrGroupRef: {} required: - "cidrGroupRef" + - properties: + cidrGroupSelector: {} + required: + - "cidrGroupSelector" properties: cidr: description: "CIDR is a CIDR prefix / IP Block." @@ -3550,6 +3881,47 @@ spec: maxLength: 253 pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" + cidrGroupSelector: + description: "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + enum: + - "In" + - "NotIn" + - "Exists" + - "DoesNotExist" + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + description: "MatchLabelsValue represents the value from the MatchLabels {key,value} pair." + maxLength: 63 + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" except: description: "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules." items: diff --git a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml index 929a41a5e..b4b5ddaf2 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2/ciliumnodes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumnodes.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml index 4a74d1bff..851c2eece 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumbgppeeringpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumbgppeeringpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml index 0d6988a95..68862027c 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumcidrgroups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumcidrgroups.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml index 0fc4e302b..51f8dcecb 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumendpointslices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumendpointslices.cilium.io" spec: group: "cilium.io" @@ -56,7 +56,7 @@ spec: description: "Layer 4 port number" type: "integer" protocol: - description: "Layer 4 protocol\nEnum: [TCP UDP SCTP ICMP ICMPV6 ANY]" + description: "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]" type: "string" type: "object" type: "array" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml index 6529a048a..b5665798a 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliuml2announcementpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliuml2announcementpolicies.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml index 909d5d78c..3d40784a1 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumloadbalancerippools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumloadbalancerippools.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml index f80379454..aac9336b6 100644 --- a/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml +++ b/crd-catalog/cilium/cilium/cilium.io/v2alpha1/ciliumpodippools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.3" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ciliumpodippools.cilium.io" spec: group: "cilium.io" diff --git a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml index c1485bf0a..1b2e3130b 100644 --- a/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml +++ b/crd-catalog/cloudnative-pg/cloudnative-pg/postgresql.cnpg.io/v1/clusters.yaml @@ -950,6 +950,9 @@ spec: initdb: description: "Bootstrap the cluster via initdb" properties: + builtinLocale: + description: "Specifies the locale name when the builtin provider is used.\nThis option requires `localeProvider` to be set to `builtin`.\nAvailable from PostgreSQL 17." + type: "string" dataChecksums: description: "Whether the `-k` option should be passed to initdb,\nenabling checksums on data pages (default: `false`)" type: "boolean" @@ -959,6 +962,12 @@ spec: encoding: description: "The value to be passed as option `--encoding` for initdb (default:`UTF8`)" type: "string" + icuLocale: + description: "Specifies the ICU locale when the ICU provider is used.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 15." + type: "string" + icuRules: + description: "Specifies additional collation rules to customize the behavior of the default collation.\nThis option requires `localeProvider` to be set to `icu`.\nAvailable from PostgreSQL 16." + type: "string" import: description: "Bootstraps the new cluster by importing data from an existing PostgreSQL\ninstance using logical backup (`pg_dump` and `pg_restore`)" properties: @@ -967,6 +976,16 @@ spec: items: type: "string" type: "array" + pgDumpExtraOptions: + description: "List of custom options to pass to the `pg_dump` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design." + items: + type: "string" + type: "array" + pgRestoreExtraOptions: + description: "List of custom options to pass to the `pg_restore` command. IMPORTANT:\nUse these options with caution and at your own risk, as the operator\ndoes not validate their content. Be aware that certain options may\nconflict with the operator's intended functionality or design." + items: + type: "string" + type: "array" postImportApplicationSQL: description: "List of SQL queries to be executed as a superuser in the application\ndatabase right after is imported - to be used with extreme care\n(by default empty). Only available in microservice type." items: @@ -1000,12 +1019,18 @@ spec: - "source" - "type" type: "object" + locale: + description: "Sets the default collation order and character classification in the new database." + type: "string" localeCType: description: "The value to be passed as option `--lc-ctype` for initdb (default:`C`)" type: "string" localeCollate: description: "The value to be passed as option `--lc-collate` for initdb (default:`C`)" type: "string" + localeProvider: + description: "This option sets the locale provider for databases created in the new cluster.\nAvailable from PostgreSQL 16." + type: "string" options: description: "The list of options that must be passed to initdb when creating the cluster.\nDeprecated: This could lead to inconsistent configurations,\nplease use the explicit provided parameters instead.\nIf defined, explicit values will be ignored." items: @@ -1152,6 +1177,13 @@ spec: minimum: 1.0 type: "integer" type: "object" + x-kubernetes-validations: + - message: "builtinLocale is only available when localeProvider is set to `builtin`" + rule: "!has(self.builtinLocale) || self.localeProvider == 'builtin'" + - message: "icuLocale is only available when localeProvider is set to `icu`" + rule: "!has(self.icuLocale) || self.localeProvider == 'icu'" + - message: "icuRules is only available when localeProvider is set to `icu`" + rule: "!has(self.icuRules) || self.localeProvider == 'icu'" pg_basebackup: description: "Bootstrap the cluster taking a physical backup of another compatible\nPostgreSQL instance" properties: @@ -2112,16 +2144,11 @@ spec: description: "ManagedService represents a specific service managed by the cluster.\nIt includes the type of service and its associated template specification." properties: selectorType: - allOf: - - enum: - - "rw" - - "r" - - "ro" - - enum: - - "rw" - - "r" - - "ro" description: "SelectorType specifies the type of selectors that the service will have.\nValid values are \"rw\", \"r\", and \"ro\", representing read-write, read, and read-only services." + enum: + - "rw" + - "r" + - "ro" type: "string" serviceTemplate: description: "ServiceTemplate is the template specification for the service." @@ -2677,6 +2704,94 @@ spec: priorityClassName: description: "Name of the priority class which will be used in every generated Pod, if the PriorityClass\nspecified does not exist, the pod will not be able to schedule. Please refer to\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass\nfor more information" type: "string" + probes: + description: "The configuration of the probes to be injected\nin the PostgreSQL Pods." + properties: + liveness: + description: "The liveness probe configuration" + properties: + failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." + format: "int32" + type: "integer" + initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." + format: "int32" + type: "integer" + successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + format: "int32" + type: "integer" + terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + format: "int64" + type: "integer" + timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + type: "object" + readiness: + description: "The readiness probe configuration" + properties: + failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." + format: "int32" + type: "integer" + initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." + format: "int32" + type: "integer" + successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + format: "int32" + type: "integer" + terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + format: "int64" + type: "integer" + timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + type: "object" + startup: + description: "The startup probe configuration" + properties: + failureThreshold: + description: "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1." + format: "int32" + type: "integer" + initialDelaySeconds: + description: "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + periodSeconds: + description: "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1." + format: "int32" + type: "integer" + successThreshold: + description: "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1." + format: "int32" + type: "integer" + terminationGracePeriodSeconds: + description: "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset." + format: "int64" + type: "integer" + timeoutSeconds: + description: "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" + format: "int32" + type: "integer" + type: "object" + type: "object" projectedVolumeTemplate: description: "Template to be used to define projected volumes, projected volumes will be mounted\nunder `/projected` base folder" properties: @@ -3796,6 +3911,11 @@ spec: items: type: "string" type: "array" + restoreJobHookCapabilities: + description: "RestoreJobHookCapabilities are the list of capabilities of the\nplugin regarding the RestoreJobHook management" + items: + type: "string" + type: "array" status: description: "Status contain the status reported by the plugin through the SetStatusInCluster interface" type: "string" diff --git a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml index e142fe477..7dda5a03b 100644 --- a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml +++ b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1/valssecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "valssecrets.digitalis.io" spec: group: "digitalis.io" @@ -19,10 +19,10 @@ spec: description: "ValsSecret is the Schema for the valssecrets API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -37,7 +37,7 @@ spec: description: "Encoding type for the secret. Only base64 supported. Optional" type: "string" ref: - description: "Ref value to the secret in the format ref+backend://path https://github.com/helmfile/vals" + description: "Ref value to the secret in the format ref+backend://path\nhttps://github.com/helmfile/vals" type: "string" required: - "ref" @@ -94,6 +94,21 @@ spec: type: "array" name: type: "string" + rollout: + items: + description: "RolloutTarget sets up what deployment or sts to restart" + properties: + kind: + description: "Kind is either Deployment, Pod or StatefulSet" + type: "string" + name: + description: "Name is the object name" + type: "string" + required: + - "kind" + - "name" + type: "object" + type: "array" template: additionalProperties: type: "string" diff --git a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml index 09164525f..b881d9a01 100644 --- a/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml +++ b/crd-catalog/digitalis-io/vals-operator/digitalis.io/v1beta1/dbsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.10.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "dbsecrets.digitalis.io" spec: group: "digitalis.io" @@ -19,10 +19,10 @@ spec: description: "DbSecret is the Schema for the dbsecrets API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml index 0b7aebb3b..e40264249 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxbrokers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxbrokers.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml index 58cc79b34..3c30d0084 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxenterprises.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxenterprises.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml index c3d1dd521..5f53fc39d 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta3/emqxplugins.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxplugins.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml index e4a3e03cf..87f150d0a 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxbrokers.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxbrokers.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml index c1f856674..3053e501e 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxenterprises.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxenterprises.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml index 97ba02256..a5c068e40 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/emqxplugins.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxplugins.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml index cce96884b..5c2556a98 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v1beta4/rebalances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "rebalances.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml index a427c7994..cf6f0c085 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2alpha1/emqxes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxes.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml index 28aae2dcd..32917f892 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/emqxes.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "emqxes.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml index 9245a0755..b2c2cc9d8 100644 --- a/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml +++ b/crd-catalog/emqx/emqx-operator/apps.emqx.io/v2beta1/rebalances.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "rebalances.apps.emqx.io" spec: group: "apps.emqx.io" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml index 5d01fce5b..e5a16794d 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/clustersecretstores.yaml @@ -73,13 +73,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -92,9 +101,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -110,39 +125,66 @@ spec: description: "The SecretAccessID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessType: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessTypeParam: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -155,13 +197,22 @@ spec: description: "The provider for the CA bundle to use to validate Akeyless Gateway certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -207,26 +258,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessKeySecretSecretRef: description: "The AccessKeySecret is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -260,9 +329,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -275,26 +350,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -325,26 +418,44 @@ spec: description: "The Azure clientId of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: description: "The Azure ClientSecret of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -369,9 +480,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -420,13 +537,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -448,9 +574,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -477,13 +609,22 @@ spec: description: "AccessToken is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -511,13 +652,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -542,29 +692,47 @@ spec: description: "has both clientCert and clientKey as secretKeySelector" properties: clientCert: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientKey: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -581,9 +749,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -593,16 +767,25 @@ spec: description: "use static token to authenticate with" properties: bearerToken: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -610,6 +793,9 @@ spec: remoteNamespace: default: "default" description: "Remote namespace to fetch the secrets from" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" server: description: "configures the Kubernetes server Address." @@ -622,13 +808,22 @@ spec: description: "see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider" properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -661,26 +856,44 @@ spec: description: "Fingerprint is the fingerprint of the API private key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privatekey: description: "PrivateKey is the user's API Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -725,9 +938,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -751,13 +970,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -795,13 +1023,22 @@ spec: description: "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -816,26 +1053,44 @@ spec: description: "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -864,9 +1119,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -885,13 +1146,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -911,13 +1181,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -930,9 +1209,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -952,13 +1237,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -972,13 +1266,22 @@ spec: description: "TokenSecretRef authenticates with Vault by presenting a token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -990,13 +1293,22 @@ spec: description: "The provider for the CA bundle to use to validate Vault server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1048,13 +1360,22 @@ spec: description: "The provider for the CA bundle to use to validate webhook server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1092,13 +1413,22 @@ spec: description: "Secret ref to fill in credentials" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1129,13 +1459,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1143,16 +1482,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml index 0fe1b2e63..e4991b30d 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/externalsecrets.yaml @@ -74,6 +74,10 @@ spec: - "key" type: "object" secretKey: + description: "The key in the Kubernetes Secret to store the value." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" required: - "remoteRef" @@ -114,19 +118,23 @@ spec: properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" target: description: "ExternalSecretTarget defines the Kubernetes Secret to be created\nThere can be only one target per ExternalSecret." properties: creationPolicy: default: "Owner" - description: "CreationPolicy defines rules on how to create the resulting Secret\nDefaults to 'Owner'" + description: "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"" enum: - "Owner" - "Merge" @@ -136,7 +144,10 @@ spec: description: "Immutable defines if the final secret will be immutable" type: "boolean" name: - description: "Name defines the name of the Secret resource to be managed\nThis field is immutable\nDefaults to the .metadata.name of the ExternalSecret resource" + description: "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" template: description: "Template defines a blueprint for the created Secret resource." @@ -172,15 +183,24 @@ spec: configMap: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" required: - "key" type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" @@ -189,15 +209,24 @@ spec: secret: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" required: - "key" type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml index 934b8b717..04d1ab81b 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1alpha1/secretstores.yaml @@ -73,13 +73,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -92,9 +101,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -110,39 +125,66 @@ spec: description: "The SecretAccessID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessType: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessTypeParam: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -155,13 +197,22 @@ spec: description: "The provider for the CA bundle to use to validate Akeyless Gateway certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -207,26 +258,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessKeySecretSecretRef: description: "The AccessKeySecret is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -260,9 +329,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -275,26 +350,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -325,26 +418,44 @@ spec: description: "The Azure clientId of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: description: "The Azure ClientSecret of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -369,9 +480,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -420,13 +537,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -448,9 +574,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -477,13 +609,22 @@ spec: description: "AccessToken is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -511,13 +652,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -542,29 +692,47 @@ spec: description: "has both clientCert and clientKey as secretKeySelector" properties: clientCert: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientKey: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -581,9 +749,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -593,16 +767,25 @@ spec: description: "use static token to authenticate with" properties: bearerToken: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -610,6 +793,9 @@ spec: remoteNamespace: default: "default" description: "Remote namespace to fetch the secrets from" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" server: description: "configures the Kubernetes server Address." @@ -622,13 +808,22 @@ spec: description: "see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider" properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -661,26 +856,44 @@ spec: description: "Fingerprint is the fingerprint of the API private key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privatekey: description: "PrivateKey is the user's API Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -725,9 +938,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -751,13 +970,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -795,13 +1023,22 @@ spec: description: "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -816,26 +1053,44 @@ spec: description: "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -864,9 +1119,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -885,13 +1146,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -911,13 +1181,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -930,9 +1209,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -952,13 +1237,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -972,13 +1266,22 @@ spec: description: "TokenSecretRef authenticates with Vault by presenting a token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -990,13 +1293,22 @@ spec: description: "The provider for the CA bundle to use to validate Vault server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1048,13 +1360,22 @@ spec: description: "The provider for the CA bundle to use to validate webhook server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1092,13 +1413,22 @@ spec: description: "Secret ref to fill in credentials" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1129,13 +1459,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1143,16 +1482,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml index 7613e694a..946d2f4fc 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clusterexternalsecrets.yaml @@ -58,7 +58,10 @@ spec: type: "object" type: "object" externalSecretName: - description: "The name of the external secrets to be created defaults to the name of the ClusterExternalSecret" + description: "The name of the external secrets to be created.\nDefaults to the name of the ClusterExternalSecret" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" externalSecretSpec: description: "The spec for the ExternalSecrets to be created" @@ -107,11 +110,15 @@ spec: - "key" type: "object" secretKey: - description: "SecretKey defines the key in which the controller stores\nthe value. This is the key in the Kind=Secret" + description: "The key in the Kubernetes Secret to store the value." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" sourceRef: - description: "SourceRef allows you to override the source\nfrom which the value will pulled from." + description: "SourceRef allows you to override the source\nfrom which the value will be pulled." maxProperties: 1 + minProperties: 1 properties: generatorRef: description: "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." @@ -121,10 +128,25 @@ spec: description: "Specify the apiVersion of the generator resource" type: "string" kind: - description: "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc." + description: "Specify the Kind of the generator resource" + enum: + - "ACRAccessToken" + - "ClusterGenerator" + - "ECRAuthorizationToken" + - "Fake" + - "GCRAccessToken" + - "GithubAccessToken" + - "Password" + - "STSSessionToken" + - "UUID" + - "VaultDynamicSecret" + - "Webhook" type: "string" name: description: "Specify the name of the generator resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "kind" @@ -135,12 +157,16 @@ spec: properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" type: "object" required: @@ -256,6 +282,7 @@ spec: sourceRef: description: "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values" maxProperties: 1 + minProperties: 1 properties: generatorRef: description: "GeneratorRef points to a generator custom resource." @@ -265,10 +292,25 @@ spec: description: "Specify the apiVersion of the generator resource" type: "string" kind: - description: "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc." + description: "Specify the Kind of the generator resource" + enum: + - "ACRAccessToken" + - "ClusterGenerator" + - "ECRAuthorizationToken" + - "Fake" + - "GCRAccessToken" + - "GithubAccessToken" + - "Password" + - "STSSessionToken" + - "UUID" + - "VaultDynamicSecret" + - "Webhook" type: "string" name: description: "Specify the name of the generator resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "kind" @@ -279,31 +321,39 @@ spec: properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" type: "object" type: "object" type: "array" refreshInterval: default: "1h" - description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h." + description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"5d\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h." type: "string" secretStoreRef: description: "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data." properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" target: default: @@ -313,7 +363,7 @@ spec: properties: creationPolicy: default: "Owner" - description: "CreationPolicy defines rules on how to create the resulting Secret\nDefaults to 'Owner'" + description: "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"" enum: - "Owner" - "Orphan" @@ -322,7 +372,7 @@ spec: type: "string" deletionPolicy: default: "Retain" - description: "DeletionPolicy defines rules on how to delete the resulting Secret\nDefaults to 'Retain'" + description: "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"" enum: - "Delete" - "Merge" @@ -332,7 +382,10 @@ spec: description: "Immutable defines if the final secret will be immutable" type: "boolean" name: - description: "Name defines the name of the Secret resource to be managed\nThis field is immutable\nDefaults to the .metadata.name of the ExternalSecret resource" + description: "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" template: description: "Template defines a blueprint for the created Secret resource." @@ -372,9 +425,14 @@ spec: configMap: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" templateAs: default: "Values" @@ -387,6 +445,10 @@ spec: type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" @@ -397,9 +459,14 @@ spec: secret: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" templateAs: default: "Values" @@ -412,6 +479,10 @@ spec: type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" @@ -503,6 +574,9 @@ spec: namespaces: description: "Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing." items: + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "array" refreshTime: diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml index 8ba18111b..7ba2af787 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/clustersecretstores.yaml @@ -94,6 +94,9 @@ spec: namespaces: description: "Choose namespaces by name" items: + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "array" type: "object" @@ -128,13 +131,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -147,9 +159,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -165,39 +183,66 @@ spec: description: "The SecretAccessID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessType: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessTypeParam: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -211,12 +256,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -262,26 +316,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessKeySecretSecretRef: description: "The AccessKeySecret is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -320,9 +392,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -335,39 +413,66 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" sessionTokenSecretRef: description: "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -433,52 +538,88 @@ spec: description: "The Azure ClientCertificate of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientId: description: "The Azure clientId of the service principle or managed identity used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: description: "The Azure ClientSecret of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" tenantId: description: "The Azure tenantId of the managed identity used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -512,9 +653,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -534,20 +681,58 @@ spec: auth: description: "Auth configures how the operator authenticates with Beyondtrust." properties: + apiKey: + description: "APIKey If not provided then ClientID/ClientSecret become required." + properties: + secretRef: + description: "SecretRef references a key in a secret that will be used as value." + properties: + key: + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" + type: "string" + name: + description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + namespace: + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + type: "object" + value: + description: "Value can be specified directly to set a value without using a secret." + type: "string" + type: "object" certificate: - description: "Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate." + description: "Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -561,13 +746,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -575,18 +769,28 @@ spec: type: "string" type: "object" clientId: + description: "ClientID is the API OAuth Client ID." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -594,27 +798,34 @@ spec: type: "string" type: "object" clientSecret: + description: "ClientSecret is the API OAuth Client Secret." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: description: "Value can be specified directly to set a value without using a secret." type: "string" type: "object" - required: - - "clientId" - - "clientSecret" type: "object" server: description: "Auth configures how API server works." @@ -655,13 +866,22 @@ spec: description: "AccessToken used for the bitwarden instance." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -680,12 +900,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -723,13 +952,22 @@ spec: description: "SecretKey is the Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -759,29 +997,47 @@ spec: account: type: "string" apiKeyRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" userRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -800,13 +1056,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Conjur using the JWT authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -819,9 +1084,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -841,12 +1112,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -874,13 +1154,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -894,13 +1183,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -933,13 +1231,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -965,13 +1272,22 @@ spec: description: "The DopplerToken is used for authentication.\nSee https://docs.doppler.com/reference/api#authentication for auth token types.\nThe Key attribute defaults to dopplerToken if not specified." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1042,13 +1358,22 @@ spec: description: "SecretRef is a reference to a secret containing the SDKMS API Key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1068,13 +1393,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1096,9 +1430,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1128,13 +1468,22 @@ spec: description: "AccessToken is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1189,13 +1538,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1215,29 +1573,47 @@ spec: universalAuthCredentials: properties: clientId: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1272,16 +1648,25 @@ spec: description: "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider" properties: authRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" folderID: @@ -1302,29 +1687,47 @@ spec: description: "has both clientCert and clientKey as secretKeySelector" properties: clientCert: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientKey: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1338,9 +1741,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1349,16 +1758,25 @@ spec: description: "use static token to authenticate with" properties: bearerToken: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1367,18 +1785,30 @@ spec: description: "A reference to a secret that contains the auth information." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" remoteNamespace: default: "default" description: "Remote namespace to fetch the secrets from" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" server: description: "configures the Kubernetes server Address." @@ -1392,12 +1822,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1429,26 +1868,44 @@ spec: description: "OnboardbaseAPIKey is the APIKey generated by an admin account.\nIt is used to recognize and authorize access to a project and environment within onboardbase" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" passcodeRef: description: "OnboardbasePasscode is the passcode attached to the API Key" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1482,13 +1939,22 @@ spec: description: "The ConnectToken is used for authentication to a 1Password Connect Server." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1523,26 +1989,44 @@ spec: description: "Fingerprint is the fingerprint of the API private key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privatekey: description: "PrivateKey is the user's API Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1587,9 +2071,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1607,29 +2097,47 @@ spec: description: "Auth defines the information necessary to authenticate against Passbolt Server" properties: passwordSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privateKeySecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1655,13 +2163,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1692,13 +2209,22 @@ spec: description: "The AccessToken is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1720,13 +2246,22 @@ spec: description: "SecretRef is a reference to a secret containing the Pulumi API token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1759,13 +2294,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1788,13 +2332,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1817,13 +2370,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1840,13 +2402,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1867,16 +2438,25 @@ spec: clientId: type: "string" clientSecretSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1918,26 +2498,44 @@ spec: description: "Reference to a key in a Secret that contains the App Role ID used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role id." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1951,26 +2549,44 @@ spec: description: "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1993,9 +2609,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2017,39 +2639,66 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" sessionTokenSecretRef: description: "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2087,9 +2736,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2108,13 +2763,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -2134,13 +2798,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -2153,9 +2826,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2175,13 +2854,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -2198,13 +2886,22 @@ spec: description: "TokenSecretRef authenticates with Vault by presenting a token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" userPass: @@ -2218,13 +2915,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the\nuser used to authenticate with Vault using the UserPass authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -2244,12 +2950,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -2288,26 +3003,44 @@ spec: description: "CertSecretRef is a certificate added to the transport layer\nwhen communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.crt'." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" keySecretRef: description: "KeySecretRef to a key in a Secret resource containing client private key\nadded to the transport layer when communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.key'." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2336,13 +3069,22 @@ spec: description: "The provider for the CA bundle to use to validate webhook server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -2380,13 +3122,22 @@ spec: description: "Secret ref to fill in credentials" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -2417,13 +3168,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2431,16 +3191,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2460,13 +3229,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2474,16 +3252,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml index 949e0c98b..9ce0dbbdd 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/externalsecrets.yaml @@ -92,11 +92,15 @@ spec: - "key" type: "object" secretKey: - description: "SecretKey defines the key in which the controller stores\nthe value. This is the key in the Kind=Secret" + description: "The key in the Kubernetes Secret to store the value." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" sourceRef: - description: "SourceRef allows you to override the source\nfrom which the value will pulled from." + description: "SourceRef allows you to override the source\nfrom which the value will be pulled." maxProperties: 1 + minProperties: 1 properties: generatorRef: description: "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1." @@ -106,10 +110,25 @@ spec: description: "Specify the apiVersion of the generator resource" type: "string" kind: - description: "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc." + description: "Specify the Kind of the generator resource" + enum: + - "ACRAccessToken" + - "ClusterGenerator" + - "ECRAuthorizationToken" + - "Fake" + - "GCRAccessToken" + - "GithubAccessToken" + - "Password" + - "STSSessionToken" + - "UUID" + - "VaultDynamicSecret" + - "Webhook" type: "string" name: description: "Specify the name of the generator resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "kind" @@ -120,12 +139,16 @@ spec: properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" type: "object" required: @@ -241,6 +264,7 @@ spec: sourceRef: description: "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values" maxProperties: 1 + minProperties: 1 properties: generatorRef: description: "GeneratorRef points to a generator custom resource." @@ -250,10 +274,25 @@ spec: description: "Specify the apiVersion of the generator resource" type: "string" kind: - description: "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc." + description: "Specify the Kind of the generator resource" + enum: + - "ACRAccessToken" + - "ClusterGenerator" + - "ECRAuthorizationToken" + - "Fake" + - "GCRAccessToken" + - "GithubAccessToken" + - "Password" + - "STSSessionToken" + - "UUID" + - "VaultDynamicSecret" + - "Webhook" type: "string" name: description: "Specify the name of the generator resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "kind" @@ -264,31 +303,39 @@ spec: properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" type: "object" type: "object" type: "array" refreshInterval: default: "1h" - description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h." + description: "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"5d\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h." type: "string" secretStoreRef: description: "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data." properties: kind: description: "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`" + enum: + - "SecretStore" + - "ClusterSecretStore" type: "string" name: description: "Name of the SecretStore resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" - required: - - "name" type: "object" target: default: @@ -298,7 +345,7 @@ spec: properties: creationPolicy: default: "Owner" - description: "CreationPolicy defines rules on how to create the resulting Secret\nDefaults to 'Owner'" + description: "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"" enum: - "Owner" - "Orphan" @@ -307,7 +354,7 @@ spec: type: "string" deletionPolicy: default: "Retain" - description: "DeletionPolicy defines rules on how to delete the resulting Secret\nDefaults to 'Retain'" + description: "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"" enum: - "Delete" - "Merge" @@ -317,7 +364,10 @@ spec: description: "Immutable defines if the final secret will be immutable" type: "boolean" name: - description: "Name defines the name of the Secret resource to be managed\nThis field is immutable\nDefaults to the .metadata.name of the ExternalSecret resource" + description: "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" template: description: "Template defines a blueprint for the created Secret resource." @@ -357,9 +407,14 @@ spec: configMap: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" templateAs: default: "Values" @@ -372,6 +427,10 @@ spec: type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" @@ -382,9 +441,14 @@ spec: secret: properties: items: + description: "A list of keys in the ConfigMap/Secret to use as templates for Secret data" items: properties: key: + description: "A key in the ConfigMap/Secret" + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" templateAs: default: "Values" @@ -397,6 +461,10 @@ spec: type: "object" type: "array" name: + description: "The name of the ConfigMap/Secret resource" + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" required: - "items" diff --git a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml index 5dd192ec0..00f8764f6 100644 --- a/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml +++ b/crd-catalog/external-secrets/external-secrets/external-secrets.io/v1beta1/secretstores.yaml @@ -94,6 +94,9 @@ spec: namespaces: description: "Choose namespaces by name" items: + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "array" type: "object" @@ -128,13 +131,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -147,9 +159,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -165,39 +183,66 @@ spec: description: "The SecretAccessID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessType: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessTypeParam: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -211,12 +256,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -262,26 +316,44 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" accessKeySecretSecretRef: description: "The AccessKeySecret is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -320,9 +392,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -335,39 +413,66 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" sessionTokenSecretRef: description: "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -433,52 +538,88 @@ spec: description: "The Azure ClientCertificate of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientId: description: "The Azure clientId of the service principle or managed identity used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: description: "The Azure ClientSecret of the service principle used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" tenantId: description: "The Azure tenantId of the managed identity used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -512,9 +653,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -534,20 +681,58 @@ spec: auth: description: "Auth configures how the operator authenticates with Beyondtrust." properties: + apiKey: + description: "APIKey If not provided then ClientID/ClientSecret become required." + properties: + secretRef: + description: "SecretRef references a key in a secret that will be used as value." + properties: + key: + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" + type: "string" + name: + description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + type: "string" + namespace: + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + type: "string" + type: "object" + value: + description: "Value can be specified directly to set a value without using a secret." + type: "string" + type: "object" certificate: - description: "Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate." + description: "Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -561,13 +746,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -575,18 +769,28 @@ spec: type: "string" type: "object" clientId: + description: "ClientID is the API OAuth Client ID." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -594,27 +798,34 @@ spec: type: "string" type: "object" clientSecret: + description: "ClientSecret is the API OAuth Client Secret." properties: secretRef: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: description: "Value can be specified directly to set a value without using a secret." type: "string" type: "object" - required: - - "clientId" - - "clientSecret" type: "object" server: description: "Auth configures how API server works." @@ -655,13 +866,22 @@ spec: description: "AccessToken used for the bitwarden instance." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -680,12 +900,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -723,13 +952,22 @@ spec: description: "SecretKey is the Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -759,29 +997,47 @@ spec: account: type: "string" apiKeyRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" userRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -800,13 +1056,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Conjur using the JWT authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -819,9 +1084,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -841,12 +1112,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -874,13 +1154,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -894,13 +1183,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -933,13 +1231,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -965,13 +1272,22 @@ spec: description: "The DopplerToken is used for authentication.\nSee https://docs.doppler.com/reference/api#authentication for auth token types.\nThe Key attribute defaults to dopplerToken if not specified." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1042,13 +1358,22 @@ spec: description: "SecretRef is a reference to a secret containing the SDKMS API Key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1068,13 +1393,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1096,9 +1430,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1128,13 +1468,22 @@ spec: description: "AccessToken is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1189,13 +1538,22 @@ spec: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1215,29 +1573,47 @@ spec: universalAuthCredentials: properties: clientId: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientSecret: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1272,16 +1648,25 @@ spec: description: "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider" properties: authRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" folderID: @@ -1302,29 +1687,47 @@ spec: description: "has both clientCert and clientKey as secretKeySelector" properties: clientCert: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" clientKey: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1338,9 +1741,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1349,16 +1758,25 @@ spec: description: "use static token to authenticate with" properties: bearerToken: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1367,18 +1785,30 @@ spec: description: "A reference to a secret that contains the auth information." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" remoteNamespace: default: "default" description: "Remote namespace to fetch the secrets from" + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" server: description: "configures the Kubernetes server Address." @@ -1392,12 +1822,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -1429,26 +1868,44 @@ spec: description: "OnboardbaseAPIKey is the APIKey generated by an admin account.\nIt is used to recognize and authorize access to a project and environment within onboardbase" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" passcodeRef: description: "OnboardbasePasscode is the passcode attached to the API Key" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1482,13 +1939,22 @@ spec: description: "The ConnectToken is used for authentication to a 1Password Connect Server." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1523,26 +1989,44 @@ spec: description: "Fingerprint is the fingerprint of the API private key." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privatekey: description: "PrivateKey is the user's API Signing Key in PEM format, used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1587,9 +2071,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -1607,29 +2097,47 @@ spec: description: "Auth defines the information necessary to authenticate against Passbolt Server" properties: passwordSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" privateKeySecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1655,13 +2163,22 @@ spec: description: "Username / Password is used for authentication." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1692,13 +2209,22 @@ spec: description: "The AccessToken is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1720,13 +2246,22 @@ spec: description: "SecretRef is a reference to a secret containing the Pulumi API token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1759,13 +2294,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1788,13 +2332,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1817,13 +2370,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1840,13 +2402,22 @@ spec: description: "SecretRef references a key in a secret that will be used as value." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" value: @@ -1867,16 +2438,25 @@ spec: clientId: type: "string" clientSecretSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1918,26 +2498,44 @@ spec: description: "Reference to a key in a Secret that contains the App Role ID used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role id." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -1951,26 +2549,44 @@ spec: description: "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretRef: description: "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -1993,9 +2609,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2017,39 +2639,66 @@ spec: description: "The AccessKeyID is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" secretAccessKeySecretRef: description: "The SecretAccessKey is used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" sessionTokenSecretRef: description: "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2087,9 +2736,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2108,13 +2763,22 @@ spec: description: "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -2134,13 +2798,22 @@ spec: description: "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" serviceAccountRef: @@ -2153,9 +2826,15 @@ spec: type: "array" name: description: "The name of the ServiceAccount resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" required: - "name" @@ -2175,13 +2854,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -2198,13 +2886,22 @@ spec: description: "TokenSecretRef authenticates with Vault by presenting a token." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" userPass: @@ -2218,13 +2915,22 @@ spec: description: "SecretRef to a key in a Secret resource containing password for the\nuser used to authenticate with Vault using the UserPass authentication\nmethod" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" username: @@ -2244,12 +2950,21 @@ spec: properties: key: description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -2288,26 +3003,44 @@ spec: description: "CertSecretRef is a certificate added to the transport layer\nwhen communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.crt'." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" keySecretRef: description: "KeySecretRef to a key in a Secret resource containing client private key\nadded to the transport layer when communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.key'." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2336,13 +3069,22 @@ spec: description: "The provider for the CA bundle to use to validate webhook server certificate." properties: key: - description: "The key the value inside of the provider type to use, only used with \"Secret\" type" + description: "The key where the CA certificate can be found in the Secret or ConfigMap." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the object located at the provider type." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: description: "The namespace the Provider type is in." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: description: "The type of provider to use such as \"Secret\", or \"ConfigMap\"." @@ -2380,13 +3122,22 @@ spec: description: "Secret ref to fill in credentials" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" required: @@ -2417,13 +3168,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2431,16 +3191,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2460,13 +3229,22 @@ spec: description: "The authorized key used for authentication" properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" @@ -2474,16 +3252,25 @@ spec: description: "The provider for the CA bundle to use to validate Yandex.Cloud server certificate." properties: certSecretRef: - description: "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field." + description: "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field." properties: key: - description: "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required." + description: "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required." + maxLength: 253 + minLength: 1 + pattern: "^[-._a-zA-Z0-9]+$" type: "string" name: description: "The name of the Secret resource being referred to." + maxLength: 253 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" type: "string" namespace: - description: "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent." + description: "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent." + maxLength: 63 + minLength: 1 + pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" type: "string" type: "object" type: "object" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml index 8cbfa9f07..33a2dd3be 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/canaries.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "canaries.canaries.flanksource.com" spec: group: "canaries.flanksource.com" @@ -1686,14 +1686,14 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" tagSelector: type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -4321,7 +4321,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4350,7 +4351,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml index d8cbc0234..539b75fb9 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/components.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "components.canaries.flanksource.com" spec: group: "canaries.flanksource.com" @@ -77,7 +77,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -92,7 +92,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -212,7 +212,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -227,7 +227,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -358,14 +358,14 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" tagSelector: type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" diff --git a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml index 866bc7707..0e8a70535 100644 --- a/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml +++ b/crd-catalog/flanksource/canary-checker/canaries.flanksource.com/v1/topologies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "topologies.canaries.flanksource.com" spec: group: "canaries.flanksource.com" @@ -66,14 +66,14 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" tagSelector: type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -125,7 +125,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -140,7 +140,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -260,7 +260,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -275,7 +275,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -406,14 +406,14 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" tagSelector: type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -494,7 +494,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -509,7 +509,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -546,14 +546,14 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" tagSelector: type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" @@ -626,7 +626,7 @@ spec: description: "Search query that applies to the resource name, tag & labels." type: "string" statuses: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Statuses filter resources by the status" items: type: "string" type: "array" @@ -641,7 +641,7 @@ spec: description: "Deprecated. Use `types`" type: "string" types: - description: "StringArray represents a one-dimensional array of the PostgreSQL character types." + description: "Types filter resources by the type" items: type: "string" type: "array" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml index a6080f4eb..8ab89a1e6 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfilters.yaml @@ -691,6 +691,10 @@ spec: matchRegex: description: "A regular expression to match against the tags of incoming records.\nUse this option if you want to use the full regex syntax." type: "string" + ordinal: + description: "An ordinal to influence filter ordering" + format: "int32" + type: "integer" type: "object" type: "object" served: true diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml index 54af2287f..2734d2495 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusterfluentbitconfigs.yaml @@ -220,8 +220,7 @@ spec: type: "string" flushSeconds: description: "Interval to flush output" - format: "int64" - type: "integer" + type: "number" graceSeconds: description: "Wait time on exit" format: "int64" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml index 717af7378..c1d767725 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/clusteroutputs.yaml @@ -2257,6 +2257,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKey: + description: "The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model." + type: "string" logsBodyKeyAttributes: description: "If true, remaining unmatched keys are added as attributes." type: "boolean" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml index 016266fe9..d2155a6f3 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/filters.yaml @@ -691,6 +691,10 @@ spec: matchRegex: description: "A regular expression to match against the tags of incoming records.\nUse this option if you want to use the full regex syntax." type: "string" + ordinal: + description: "An ordinal to influence filter ordering" + format: "int32" + type: "integer" type: "object" type: "object" served: true diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml index b6f21696d..58aa9a3e2 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbitconfigs.yaml @@ -244,8 +244,7 @@ spec: type: "string" flushSeconds: description: "Interval to flush output" - format: "int64" - type: "integer" + type: "number" graceSeconds: description: "Wait time on exit" format: "int64" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbits.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbits.yaml index 70f53c832..df81e7c3f 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbits.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/fluentbits.yaml @@ -802,6 +802,24 @@ spec: fluentBitConfigName: description: "Fluentbitconfig object associated with this Fluentbit" type: "string" + hostAliases: + description: "HostAliases is an optional list of IPs and hostnames that will be injected into the pod's hosts file if specified." + items: + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." + properties: + hostnames: + description: "Hostnames for the above IP address." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + ip: + description: "IP address of the host file entry." + type: "string" + required: + - "ip" + type: "object" + type: "array" hostNetwork: description: "Host networking is requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false." type: "boolean" diff --git a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml index 77b608de2..ba3de9b52 100644 --- a/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentbit.fluent.io/v1alpha2/outputs.yaml @@ -2257,6 +2257,9 @@ spec: logResponsePayload: description: "Log the response payload within the Fluent Bit log." type: "boolean" + logsBodyKey: + description: "The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model." + type: "string" logsBodyKeyAttributes: description: "If true, remaining unmatched keys are added as attributes." type: "boolean" diff --git a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/fluentds.yaml b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/fluentds.yaml index 75310bc68..bb633403e 100644 --- a/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/fluentds.yaml +++ b/crd-catalog/fluent/fluent-operator/fluentd.fluent.io/v1alpha1/fluentds.yaml @@ -1875,6 +1875,24 @@ spec: type: "object" type: "object" type: "array" + hostAliases: + description: "HostAliases is an optional list of IPs and hostnames that will be injected into the pod's hosts file if specified." + items: + description: "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file." + properties: + hostnames: + description: "Hostnames for the above IP address." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + ip: + description: "IP address of the host file entry." + type: "string" + required: + - "ip" + type: "object" + type: "array" image: description: "Fluentd image." type: "string" diff --git a/crd-catalog/fluxcd/flagger/flagger.app/v1beta1/canaries.yaml b/crd-catalog/fluxcd/flagger/flagger.app/v1beta1/canaries.yaml index ed1cca7d2..d5ef92658 100644 --- a/crd-catalog/fluxcd/flagger/flagger.app/v1beta1/canaries.yaml +++ b/crd-catalog/fluxcd/flagger/flagger.app/v1beta1/canaries.yaml @@ -285,6 +285,9 @@ spec: description: "Webhook list for this canary" items: properties: + disableTLS: + description: "Disable TLS verification for this webhook" + type: "boolean" metadata: additionalProperties: type: "string" @@ -345,9 +348,11 @@ spec: primaryScalerReplicas: properties: maxReplicas: - type: "number" + minimum: 1.0 + type: "integer" minReplicas: - type: "number" + minimum: 1.0 + type: "integer" type: "object" required: - "apiVersion" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml index 5909b5c3e..71bb50c23 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadashboards.yaml @@ -43,7 +43,7 @@ spec: description: "GrafanaDashboardSpec defines the desired state of GrafanaDashboard" properties: allowCrossNamespaceImport: - description: "allow to import this resources from an operator in a different namespace" + description: "Allow the Operator to match this resource with Grafanas outside the current namespace" type: "boolean" configMapRef: description: "dashboard from configmap" @@ -193,7 +193,7 @@ spec: format: "byte" type: "string" instanceSelector: - description: "selects Grafanas for import" + description: "Selects Grafana instances for import" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -226,7 +226,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" x-kubernetes-validations: - - message: "Value is immutable" + - message: "spec.instanceSelector is immutable" rule: "self == oldSelf" json: description: "dashboard json" @@ -264,8 +264,8 @@ spec: type: "object" type: "array" resyncPeriod: - default: "5m" - description: "how often the dashboard is refreshed, defaults to 5m if not set" + default: "10m0s" + description: "How often the resource is synced, defaults to 10m0s if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml index 991c8f8d9..9977c80ef 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanadatasources.yaml @@ -43,7 +43,7 @@ spec: description: "GrafanaDatasourceSpec defines the desired state of GrafanaDatasource" properties: allowCrossNamespaceImport: - description: "allow to import this resources from an operator in a different namespace" + description: "Allow the Operator to match this resource with Grafanas outside the current namespace" type: "boolean" datasource: properties: @@ -56,7 +56,7 @@ spec: database: type: "string" editable: - description: "Deprecated field, it has no effect" + description: "Whether to enable/disable editing of the datasource in Grafana UI" type: "boolean" isDefault: type: "boolean" @@ -75,6 +75,7 @@ spec: type: type: "string" uid: + description: "Deprecated field, use spec.uid instead" type: "string" url: type: "string" @@ -82,7 +83,7 @@ spec: type: "string" type: "object" instanceSelector: - description: "selects Grafana instances for import" + description: "Selects Grafana instances for import" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -115,7 +116,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" x-kubernetes-validations: - - message: "Value is immutable" + - message: "spec.instanceSelector is immutable" rule: "self == oldSelf" plugins: description: "plugins" @@ -131,11 +132,17 @@ spec: type: "object" type: "array" resyncPeriod: - default: "5m" - description: "how often the datasource is refreshed, defaults to 5m if not set" + default: "10m0s" + description: "How often the resource is synced, defaults to 10m0s if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" + uid: + description: "The UID, for the datasource, fallback to the deprecated spec.datasource.uid and metadata.uid" + type: "string" + x-kubernetes-validations: + - message: "spec.uid is immutable" + rule: "self == oldSelf" valuesFrom: description: "environments variables from secrets or config maps" items: @@ -192,6 +199,9 @@ spec: - "datasource" - "instanceSelector" type: "object" + x-kubernetes-validations: + - message: "spec.uid is immutable" + rule: "((!has(oldSelf.uid) && !has(self.uid)) || (has(oldSelf.uid) && has(self.uid)))" status: description: "GrafanaDatasourceStatus defines the observed state of GrafanaDatasource" properties: diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml index 653620ded..36b40927f 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanafolders.yaml @@ -39,10 +39,10 @@ spec: description: "GrafanaFolderSpec defines the desired state of GrafanaFolder" properties: allowCrossNamespaceImport: - description: "Enable matching Grafana instances outside the current namespace" + description: "Allow the Operator to match this resource with Grafanas outside the current namespace" type: "boolean" instanceSelector: - description: "Selects Grafanas for import" + description: "Selects Grafana instances for import" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -75,7 +75,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" x-kubernetes-validations: - - message: "Value is immutable" + - message: "spec.instanceSelector is immutable" rule: "self == oldSelf" parentFolderRef: description: "Reference to an existing GrafanaFolder CR in the same namespace" @@ -87,8 +87,8 @@ spec: description: "Raw json with folder permissions, potentially exported from Grafana" type: "string" resyncPeriod: - default: "5m" - description: "How often the folder is synced, defaults to 5m if not set" + default: "10m0s" + description: "How often the resource is synced, defaults to 10m0s if not set" format: "duration" pattern: "^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$" type: "string" diff --git a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml index f7be79124..b83f794b3 100644 --- a/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml +++ b/crd-catalog/grafana-operator/grafana-operator/grafana.integreatly.org/v1beta1/grafanas.yaml @@ -47,6 +47,11 @@ spec: client: description: "Client defines how the grafana-operator talks to the grafana instance." properties: + headers: + additionalProperties: + type: "string" + description: "Custom HTTP headers to use when interacting with this Grafana." + type: "object" preferIngress: description: "If the operator should send it's request through the grafana instances ingress object instead of through the service." nullable: true diff --git a/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml b/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml index 4add3f76b..0dad2d696 100644 --- a/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml +++ b/crd-catalog/grafana/tempo-operator/tempo.grafana.com/v1alpha1/tempostacks.yaml @@ -1505,8 +1505,7 @@ spec: description: "PrometheusEndpoint defines the endpoint to the Prometheus instance that contains the span rate, error, and duration (RED) metrics.\nFor instance on OpenShift this is set to https://thanos-querier.openshift-monitoring.svc.cluster.local:9091" type: "string" redMetricsNamespace: - default: "traces.span.metrics" - description: "REDMetricsNamespace defines the a prefix used retrieve span rate, error, and duration (RED) metrics.\nBy default it is set to `traces.span.metrics` following the default namespace of the OpenTelemetry Collector since Version 0.109.0." + description: "REDMetricsNamespace defines the a prefix used retrieve span rate, error, and duration (RED) metrics." type: "string" type: "object" resources: diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml index d4bf50950..3df891c7a 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v2/teleportprovisiontokens.yaml @@ -88,6 +88,32 @@ spec: nullable: true type: "array" type: "object" + bitbucket: + description: "Bitbucket allows the configuration of options specific to the \"bitbucket\" join method." + nullable: true + properties: + allow: + description: "Allow is a list of Rules, nodes using this token must match one allow rule to use this token." + items: + properties: + branch_name: + type: "string" + deployment_environment_uuid: + type: "string" + repository_uuid: + type: "string" + workspace_uuid: + type: "string" + type: "object" + nullable: true + type: "array" + audience: + description: "Audience is a Bitbucket-specified audience value for this token. It is unique to each Bitbucket repository, and must be set to the value as written in the Pipelines -> OpenID Connect section of the repository settings." + type: "string" + identity_provider_url: + description: "IdentityProviderURL is a Bitbucket-specified issuer URL for incoming OIDC tokens. It is unique to each Bitbucket repository, and must be set to the value as written in the Pipelines -> OpenID Connect section of the repository settings." + type: "string" + type: "object" bot_name: description: "BotName is the name of the bot this token grants access to, if any" type: "string" @@ -169,6 +195,9 @@ spec: enterprise_slug: description: "EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be included in the expected issuer of the OIDC tokens. This is for compatibility with the `include_enterprise_slug` option in GHE. This field should be set to the slug of your enterprise if this is enabled. If this is not enabled, then this field must be left empty. This field cannot be specified if `enterprise_server_host` is specified. See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise for more information about customized issuer values." type: "string" + static_jwks: + description: "StaticJWKS disables fetching of the GHES signing keys via the JWKS/OIDC endpoints, and allows them to be directly specified. This allows joining from GitHub Actions in GHES instances that are not reachable by the Teleport Auth Service." + type: "string" type: "object" gitlab: description: "GitLab allows the configuration of options specific to the \"gitlab\" join method." diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml index f88beb622..2703bd981 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v5/teleportroles.yaml @@ -131,6 +131,17 @@ spec: type: "string" nullable: true type: "array" + github_permissions: + description: "GitHubPermissions defines GitHub integration related permissions." + items: + properties: + orgs: + items: + type: "string" + nullable: true + type: "array" + type: "object" + type: "array" group_labels: additionalProperties: x-kubernetes-preserve-unknown-fields: true @@ -295,6 +306,14 @@ spec: description: "MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used." format: "duration" type: "string" + reason: + description: "Reason defines settings for the reason for the access provided by the user." + nullable: true + properties: + mode: + description: "Mode can be either \"required\" or \"optional\". Empty string is treated as \"optional\". If a role has the request reason mode set to \"required\", then reason is required for all Access Requests requesting roles or resources allowed by this role. It applies only to users who have this role assigned." + type: "string" + type: "object" roles: description: "Roles is the name of roles which will match the request rule." items: @@ -572,6 +591,17 @@ spec: type: "string" nullable: true type: "array" + github_permissions: + description: "GitHubPermissions defines GitHub integration related permissions." + items: + properties: + orgs: + items: + type: "string" + nullable: true + type: "array" + type: "object" + type: "array" group_labels: additionalProperties: x-kubernetes-preserve-unknown-fields: true @@ -736,6 +766,14 @@ spec: description: "MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used." format: "duration" type: "string" + reason: + description: "Reason defines settings for the reason for the access provided by the user." + nullable: true + properties: + mode: + description: "Mode can be either \"required\" or \"optional\". Empty string is treated as \"optional\". If a role has the request reason mode set to \"required\", then reason is required for all Access Requests requesting roles or resources allowed by this role. It applies only to users who have this role assigned." + type: "string" + type: "object" roles: description: "Roles is the name of roles which will match the request rule." items: @@ -1020,7 +1058,7 @@ spec: description: "PinSourceIP forces the same client IP for certificate generation and usage" type: "boolean" port_forwarding: - description: "PortForwarding defines if the certificate will have \"permit-port-forwarding\" in the certificate. PortForwarding is \"yes\" if not set, that's why this is a pointer" + description: "Deprecated: Use SSHPortForwarding instead" type: "boolean" record_session: description: "RecordDesktopSession indicates whether desktop access sessions should be recorded. It defaults to true unless explicitly set to false." @@ -1048,6 +1086,25 @@ spec: ssh_file_copy: description: "SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to true unless explicitly set to false." type: "boolean" + ssh_port_forwarding: + description: "SSHPortForwarding configures what types of SSH port forwarding are allowed by a role." + nullable: true + properties: + local: + description: "Allow local port forwarding." + nullable: true + properties: + enabled: + type: "boolean" + type: "object" + remote: + description: "Allow remote port forwarding." + nullable: true + properties: + enabled: + type: "boolean" + type: "object" + type: "object" type: "object" type: "object" status: diff --git a/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml b/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml index 33279ec97..5959c57ea 100644 --- a/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml +++ b/crd-catalog/gravitational/teleport/resources.teleport.dev/v6/teleportroles.yaml @@ -131,6 +131,17 @@ spec: type: "string" nullable: true type: "array" + github_permissions: + description: "GitHubPermissions defines GitHub integration related permissions." + items: + properties: + orgs: + items: + type: "string" + nullable: true + type: "array" + type: "object" + type: "array" group_labels: additionalProperties: x-kubernetes-preserve-unknown-fields: true @@ -295,6 +306,14 @@ spec: description: "MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used." format: "duration" type: "string" + reason: + description: "Reason defines settings for the reason for the access provided by the user." + nullable: true + properties: + mode: + description: "Mode can be either \"required\" or \"optional\". Empty string is treated as \"optional\". If a role has the request reason mode set to \"required\", then reason is required for all Access Requests requesting roles or resources allowed by this role. It applies only to users who have this role assigned." + type: "string" + type: "object" roles: description: "Roles is the name of roles which will match the request rule." items: @@ -572,6 +591,17 @@ spec: type: "string" nullable: true type: "array" + github_permissions: + description: "GitHubPermissions defines GitHub integration related permissions." + items: + properties: + orgs: + items: + type: "string" + nullable: true + type: "array" + type: "object" + type: "array" group_labels: additionalProperties: x-kubernetes-preserve-unknown-fields: true @@ -736,6 +766,14 @@ spec: description: "MaxDuration is the amount of time the access will be granted for. If this is zero, the default duration is used." format: "duration" type: "string" + reason: + description: "Reason defines settings for the reason for the access provided by the user." + nullable: true + properties: + mode: + description: "Mode can be either \"required\" or \"optional\". Empty string is treated as \"optional\". If a role has the request reason mode set to \"required\", then reason is required for all Access Requests requesting roles or resources allowed by this role. It applies only to users who have this role assigned." + type: "string" + type: "object" roles: description: "Roles is the name of roles which will match the request rule." items: @@ -1020,7 +1058,7 @@ spec: description: "PinSourceIP forces the same client IP for certificate generation and usage" type: "boolean" port_forwarding: - description: "PortForwarding defines if the certificate will have \"permit-port-forwarding\" in the certificate. PortForwarding is \"yes\" if not set, that's why this is a pointer" + description: "Deprecated: Use SSHPortForwarding instead" type: "boolean" record_session: description: "RecordDesktopSession indicates whether desktop access sessions should be recorded. It defaults to true unless explicitly set to false." @@ -1048,6 +1086,25 @@ spec: ssh_file_copy: description: "SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed over an SSH session. It defaults to true unless explicitly set to false." type: "boolean" + ssh_port_forwarding: + description: "SSHPortForwarding configures what types of SSH port forwarding are allowed by a role." + nullable: true + properties: + local: + description: "Allow local port forwarding." + nullable: true + properties: + enabled: + type: "boolean" + type: "object" + remote: + description: "Allow remote port forwarding." + nullable: true + properties: + enabled: + type: "boolean" + type: "object" + type: "object" type: "object" type: "object" status: diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml index afd3baf72..1b544704e 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/agentpools.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "agentpools.app.terraform.io" spec: group: "app.terraform.io" @@ -232,13 +232,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -337,13 +337,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -441,13 +441,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -546,13 +546,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -648,7 +648,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -698,7 +698,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -725,7 +725,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -740,7 +740,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -939,7 +939,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1077,7 +1078,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1177,13 +1179,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1253,7 +1258,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -1292,7 +1297,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -1339,7 +1344,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1470,7 +1476,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -1534,7 +1540,7 @@ spec: ephemeralContainers: description: "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing\npod to perform user-initiated actions such as debugging. This list cannot be specified when\ncreating a pod, and it cannot be modified by updating the pod spec. In order to add an\nephemeral container to an existing pod, use the pod's ephemeralcontainers subresource." items: - description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." + description: "An EphemeralContainer is a temporary container that you may add to an existing Pod for\nuser-initiated activities such as debugging. Ephemeral containers have no resource or\nscheduling guarantees, and they will not be restarted when they exit or when a Pod is\nremoved or restarted. The kubelet may evict a Pod if an ephemeral container causes the\nPod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing\nPod. Ephemeral containers may not be removed or restarted." properties: args: description: "Arguments to the entrypoint.\nThe image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" @@ -1570,7 +1576,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1620,7 +1626,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1647,7 +1653,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -1662,7 +1668,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -1861,7 +1867,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1999,7 +2006,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2099,13 +2107,16 @@ spec: description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources\nalready allocated to the pod." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2175,7 +2186,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -2214,7 +2225,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -2261,7 +2272,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2347,7 +2359,7 @@ spec: description: "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false" type: "boolean" targetContainerName: - description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." + description: "If set, the name of the container from PodSpec that this ephemeral container targets.\nThe ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.\nIf not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not\nsupport namespace targeting then the result of setting this field is undefined." type: "string" terminationMessagePath: description: "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated." @@ -2395,7 +2407,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -2464,7 +2476,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -2511,7 +2523,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2561,7 +2573,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2588,7 +2600,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap must be defined" @@ -2603,7 +2615,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret must be defined" @@ -2802,7 +2814,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2940,7 +2953,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3040,13 +3054,16 @@ spec: description: "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3116,7 +3133,7 @@ spec: description: "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows." type: "boolean" procMount: - description: "procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." + description: "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows." type: "string" readOnlyRootFilesystem: description: "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows." @@ -3155,7 +3172,7 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" @@ -3202,7 +3219,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3333,7 +3351,7 @@ spec: description: "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false." type: "boolean" recursiveReadOnly: - description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\n\nIf this field is not specified, it is treated as an equivalent of Disabled." + description: "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled." type: "string" subPath: description: "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)." @@ -3360,7 +3378,7 @@ spec: - "name" x-kubernetes-list-type: "map" nodeName: - description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty,\nthe scheduler simply schedules this pod onto that node, assuming that it fits resource\nrequirements." + description: "NodeName indicates in which node this pod is scheduled.\nIf empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.\nOnce this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.\nThis field should not be used to express a desire for the pod to be scheduled on a specific node.\nhttps://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename" type: "string" nodeSelector: additionalProperties: @@ -3369,7 +3387,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" os: - description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" + description: "Specifies the OS of the containers in the pod.\nSome pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset:\n-securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset:\n- spec.hostPID\n- spec.hostIPC\n- spec.hostUsers\n- spec.securityContext.appArmorProfile\n- spec.securityContext.seLinuxOptions\n- spec.securityContext.seccompProfile\n- spec.securityContext.fsGroup\n- spec.securityContext.fsGroupChangePolicy\n- spec.securityContext.sysctls\n- spec.shareProcessNamespace\n- spec.securityContext.runAsUser\n- spec.securityContext.runAsGroup\n- spec.securityContext.supplementalGroups\n- spec.securityContext.supplementalGroupsPolicy\n- spec.containers[*].securityContext.appArmorProfile\n- spec.containers[*].securityContext.seLinuxOptions\n- spec.containers[*].securityContext.seccompProfile\n- spec.containers[*].securityContext.capabilities\n- spec.containers[*].securityContext.readOnlyRootFilesystem\n- spec.containers[*].securityContext.privileged\n- spec.containers[*].securityContext.allowPrivilegeEscalation\n- spec.containers[*].securityContext.procMount\n- spec.containers[*].securityContext.runAsUser\n- spec.containers[*].securityContext.runAsGroup" properties: name: description: "Name is the name of the operating system. The currently supported values are linux and windows.\nAdditional value may be defined in future and can be one of:\nhttps://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration\nClients should expect to handle additional values and treat unrecognized values in this field as os: null" @@ -3410,23 +3428,19 @@ spec: type: "array" x-kubernetes-list-type: "atomic" resourceClaims: - description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable." + description: "ResourceClaims defines which ResourceClaims must be allocated\nand reserved before the Pod is allowed to start. The resources\nwill be made available to those containers which consume them\nby name.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable." items: - description: "PodResourceClaim references exactly one ResourceClaim through a ClaimSource.\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." + description: "PodResourceClaim references exactly one ResourceClaim, either directly\nor by naming a ResourceClaimTemplate which is then turned into a ResourceClaim\nfor the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod.\nContainers that need access to the ResourceClaim reference it with this name." properties: name: description: "Name uniquely identifies this resource claim inside the pod.\nThis must be a DNS_LABEL." type: "string" - source: - description: "Source describes where to find the ResourceClaim." - properties: - resourceClaimName: - description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod." - type: "string" - resourceClaimTemplateName: - description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim." - type: "string" - type: "object" + resourceClaimName: + description: "ResourceClaimName is the name of a ResourceClaim object in the same\nnamespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of a ResourceClaimTemplate\nobject in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will\nbe bound to this pod. When this pod is deleted, the ResourceClaim\nwill also be deleted. The pod name and resource name, along with a\ngenerated component, will be used to form a unique name for the\nResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the\ncorresponding ResourceClaim by the control plane after creating the\nResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must\nbe set." + type: "string" required: - "name" type: "object" @@ -3444,7 +3458,7 @@ spec: description: "If specified, the pod will be dispatched by specified scheduler.\nIf not specified, the pod will be dispatched by default scheduler." type: "string" schedulingGates: - description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." + description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.\nIf schedulingGates is not empty, the pod will stay in the SchedulingGated state and the\nscheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards." items: description: "PodSchedulingGate is associated to a Pod to guard its scheduling." properties: @@ -3474,7 +3488,7 @@ spec: - "type" type: "object" fsGroup: - description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." + description: "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows." format: "int64" type: "integer" fsGroupChangePolicy: @@ -3514,18 +3528,21 @@ spec: description: "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type." type: "string" type: - description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." + description: "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied." type: "string" required: - "type" type: "object" supplementalGroups: - description: "A list of groups applied to the first process run in each container, in addition\nto the container's primary GID, the fsGroup (if specified), and group memberships\ndefined in the container image for the uid of the container process. If unspecified,\nno additional groups are added to any container. Note that group memberships\ndefined in the container image for the uid of the container process are still effective,\neven if they are not included in this list.\nNote that this field cannot be set when spec.os.name is windows." + description: "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows." items: format: "int64" type: "integer" type: "array" x-kubernetes-list-type: "atomic" + supplementalGroupsPolicy: + description: "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows." + type: "string" sysctls: description: "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows." items: @@ -3642,7 +3659,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3652,14 +3669,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3686,7 +3703,7 @@ spec: description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty)." @@ -3714,12 +3731,14 @@ spec: description: "diskURI is the URI of data disk in the blob storage" type: "string" fsType: + default: "ext4" description: "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" kind: description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" type: "string" readOnly: + default: false description: "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts." type: "boolean" required: @@ -3765,7 +3784,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3789,7 +3808,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3829,7 +3848,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -3850,7 +3869,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -3938,10 +3957,10 @@ spec: x-kubernetes-int-or-string: true type: "object" ephemeral: - description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." + description: "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\n\nRequired, must not be nil." + description: "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil." properties: metadata: description: "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation." @@ -4050,7 +4069,7 @@ spec: description: "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" type: "string" volumeAttributesClassName: - description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled." + description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default)." type: "string" volumeMode: description: "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec." @@ -4067,7 +4086,7 @@ spec: description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod." properties: fsType: - description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified." type: "string" lun: description: "lun is Optional: FC target lun number" @@ -4111,7 +4130,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4132,7 +4151,7 @@ spec: description: "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" properties: fsType: - description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" type: "string" partition: description: "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" @@ -4179,7 +4198,7 @@ spec: - "path" type: "object" hostPath: - description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n---\nTODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not\nmount host directories as read/write." + description: "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" properties: path: description: "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" @@ -4190,6 +4209,16 @@ spec: required: - "path" type: "object" + image: + description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type." + properties: + pullPolicy: + description: "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise." + type: "string" + reference: + description: "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets." + type: "string" + type: "object" iscsi: description: "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md" properties: @@ -4200,7 +4229,7 @@ spec: description: "chapAuthSession defines whether support iSCSI Session CHAP authentication" type: "boolean" fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi" type: "string" initiatorName: description: "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection." @@ -4209,6 +4238,7 @@ spec: description: "iqn is the target iSCSI Qualified Name." type: "string" iscsiInterface: + default: "default" description: "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp)." type: "string" lun: @@ -4229,7 +4259,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4307,12 +4337,12 @@ spec: format: "int32" type: "integer" sources: - description: "sources is the list of volume projections" + description: "sources is the list of volume projections. Each entry in this list\nhandles one source." items: - description: "Projection that may be projected along with other supported volume types" + description: "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set." properties: clusterTrustBundle: - description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." + description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time." properties: labelSelector: description: "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\"." @@ -4388,7 +4418,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional specify whether the ConfigMap or its keys must be defined" @@ -4475,7 +4505,7 @@ spec: x-kubernetes-list-type: "atomic" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "optional field specify whether the Secret or its key must be defined" @@ -4531,12 +4561,13 @@ spec: description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nMore info: https://examples.k8s.io/volumes/rbd/README.md" properties: fsType: - description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd\nTODO: how do we prevent errors in the filesystem from compromising the machine" + description: "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd" type: "string" image: description: "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" keyring: + default: "/etc/ceph/keyring" description: "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" monitors: @@ -4546,6 +4577,7 @@ spec: type: "array" x-kubernetes-list-type: "atomic" pool: + default: "rbd" description: "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" readOnly: @@ -4556,11 +4588,12 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" user: + default: "admin" description: "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" type: "string" required: @@ -4571,6 +4604,7 @@ spec: description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes." properties: fsType: + default: "xfs" description: "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\"." type: "string" gateway: @@ -4587,7 +4621,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4595,6 +4629,7 @@ spec: description: "sslEnabled Flag enable/disable SSL communication with Gateway, default false" type: "boolean" storageMode: + default: "ThinProvisioned" description: "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned." type: "string" storagePool: @@ -4660,7 +4695,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -4795,7 +4830,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml index 652cee326..b4f905952 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/modules.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "modules.app.terraform.io" spec: group: "app.terraform.io" @@ -96,7 +96,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml index 12dcff052..097f58792 100644 --- a/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml +++ b/crd-catalog/hashicorp/terraform-cloud-operator/app.terraform.io/v1alpha2/workspaces.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "workspaces.app.terraform.io" spec: group: "app.terraform.io" @@ -103,7 +103,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -120,7 +120,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -404,7 +404,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -421,7 +421,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -451,7 +451,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" diff --git a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml index afd7c9460..cd5c3720b 100644 --- a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml +++ b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/cronfederatedhpas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "cronfederatedhpas.autoscaling.karmada.io" spec: group: "autoscaling.karmada.io" @@ -56,7 +56,7 @@ spec: minimum: 0.0 type: "integer" name: - description: "Name of the rule.\nEach rule in a CronFederatedHPA must have a unique name.\n\n\nNote: the name will be used as an identifier to record its execution\nhistory. Changing the name will be considered as deleting the old rule\nand adding a new rule, that means the original execution history will be\ndiscarded." + description: "Name of the rule.\nEach rule in a CronFederatedHPA must have a unique name.\n\nNote: the name will be used as an identifier to record its execution\nhistory. Changing the name will be considered as deleting the old rule\nand adding a new rule, that means the original execution history will be\ndiscarded." maxLength: 32 minLength: 1 type: "string" diff --git a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml index 07797924e..56a026407 100644 --- a/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml +++ b/crd-catalog/karmada-io/karmada/autoscaling.karmada.io/v1alpha1/federatedhpas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "federatedhpas.autoscaling.karmada.io" spec: group: "autoscaling.karmada.io" diff --git a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml index 4b1aea3f5..777edf402 100644 --- a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml +++ b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpretercustomizations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourceinterpretercustomizations.config.karmada.io" spec: group: "config.karmada.io" @@ -50,7 +50,7 @@ spec: description: "DependencyInterpretation describes the rules for Karmada to analyze the\ndependent resources.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#interpretdependency\nIf DependencyInterpretation is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n serviceAccountName = desiredObj.spec.template.spec.serviceAccountName\n if serviceAccountName ~= nil and serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = serviceAccountName\n dependency.namespace = desiredObj.metadata.namespace\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe returned value should be expressed by a slice of DependentObjectReference." + description: "LuaScript holds the Lua script that is used to interpret the dependencies of\na specific resource.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function GetDependencies(desiredObj)\n dependencies = {}\n serviceAccountName = desiredObj.spec.template.spec.serviceAccountName\n if serviceAccountName ~= nil and serviceAccountName ~= \"default\" then\n dependency = {}\n dependency.apiVersion = \"v1\"\n dependency.kind = \"ServiceAccount\"\n dependency.name = serviceAccountName\n dependency.namespace = desiredObj.metadata.namespace\n dependencies[1] = dependency\n end\n return dependencies\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\nThe returned value should be expressed by a slice of DependentObjectReference." type: "string" required: - "luaScript" @@ -59,7 +59,7 @@ spec: description: "HealthInterpretation describes the health assessment rules by which Karmada\ncan assess the health state of the resource type." properties: luaScript: - description: "LuaScript holds the Lua script that is used to assess the health state of\na specific resource.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function InterpretHealth(observedObj)\n if observedObj.status.readyReplicas == observedObj.spec.replicas then\n return true\n end\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned boolean value indicates the health status." + description: "LuaScript holds the Lua script that is used to assess the health state of\na specific resource.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function InterpretHealth(observedObj)\n if observedObj.status.readyReplicas == observedObj.spec.replicas then\n return true\n end\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned boolean value indicates the health status." type: "string" required: - "luaScript" @@ -68,7 +68,7 @@ spec: description: "ReplicaResource describes the rules for Karmada to discover the resource's\nreplica as well as resource requirements.\nIt would be useful for those CRD resources that declare workload types like\nDeployment.\nIt is usually not needed for Kubernetes native resources(Deployment, Job) as\nKarmada knows how to discover info from them. But if it is set, the built-in\ndiscovery rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to discover the resource's\nreplica as well as resource requirements\n\n\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function GetReplicas(desiredObj)\n replica = desiredObj.spec.replicas\n requirement = {}\n requirement.nodeClaim = {}\n requirement.nodeClaim.nodeSelector = desiredObj.spec.template.spec.nodeSelector\n requirement.nodeClaim.tolerations = desiredObj.spec.template.spec.tolerations\n requirement.resourceRequest = desiredObj.spec.template.spec.containers[1].resources.limits\n return replica, requirement\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\n\nThe function expects two return values:\n - replica: the declared replica number\n - requirement: the resource required by each replica expressed with a\n ResourceBindingSpec.ReplicaRequirements.\nThe returned values will be set into a ResourceBinding or ClusterResourceBinding." + description: "LuaScript holds the Lua script that is used to discover the resource's\nreplica as well as resource requirements\n\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function GetReplicas(desiredObj)\n replica = desiredObj.spec.replicas\n requirement = {}\n requirement.nodeClaim = {}\n requirement.nodeClaim.nodeSelector = desiredObj.spec.template.spec.nodeSelector\n requirement.nodeClaim.tolerations = desiredObj.spec.template.spec.tolerations\n requirement.resourceRequest = desiredObj.spec.template.spec.containers[1].resources.limits\n return replica, requirement\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n\nThe function expects two return values:\n - replica: the declared replica number\n - requirement: the resource required by each replica expressed with a\n ResourceBindingSpec.ReplicaRequirements.\nThe returned values will be set into a ResourceBinding or ClusterResourceBinding." type: "string" required: - "luaScript" @@ -77,7 +77,7 @@ spec: description: "ReplicaRevision describes the rules for Karmada to revise the resource's replica.\nIt would be useful for those CRD resources that declare workload types like\nDeployment.\nIt is usually not needed for Kubernetes native resources(Deployment, Job) as\nKarmada knows how to revise replicas for them. But if it is set, the built-in\nrevision rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to revise replicas in the desired specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function ReviseReplica(desiredObj, desiredReplica)\n desiredObj.spec.replicas = desiredReplica\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - desiredReplica: the replica number should be applied with.\n\n\nThe returned object should be a revised configuration which will be\napplied to member cluster eventually." + description: "LuaScript holds the Lua script that is used to revise replicas in the desired specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function ReviseReplica(desiredObj, desiredReplica)\n desiredObj.spec.replicas = desiredReplica\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - desiredReplica: the replica number should be applied with.\n\nThe returned object should be a revised configuration which will be\napplied to member cluster eventually." type: "string" required: - "luaScript" @@ -86,7 +86,7 @@ spec: description: "Retention describes the desired behavior that Karmada should react on\nthe changes made by member cluster components. This avoids system\nrunning into a meaningless loop that Karmada resource controller and\nthe member cluster component continually applying opposite values of a field.\nFor example, the \"replicas\" of Deployment might be changed by the HPA\ncontroller on member cluster. In this case, Karmada should retain the \"replicas\"\nand not try to change it." properties: luaScript: - description: "LuaScript holds the Lua script that is used to retain runtime values\nto the desired specification.\n\n\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function Retain(desiredObj, observedObj)\n desiredObj.spec.fieldFoo = observedObj.spec.fieldFoo\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned object should be a retained configuration which will be\napplied to member cluster eventually." + description: "LuaScript holds the Lua script that is used to retain runtime values\nto the desired specification.\n\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function Retain(desiredObj, observedObj)\n desiredObj.spec.fieldFoo = observedObj.spec.fieldFoo\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents the configuration to be applied\n to the member cluster.\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned object should be a retained configuration which will be\napplied to member cluster eventually." type: "string" required: - "luaScript" @@ -95,7 +95,7 @@ spec: description: "StatusAggregation describes the rules for Karmada to aggregate status\ncollected from member clusters to resource template.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#aggregatestatus\nIf StatusAggregation is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to aggregate decentralized statuses\nto the desired specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function AggregateStatus(desiredObj, statusItems)\n for i = 1, #statusItems do\n desiredObj.status.readyReplicas = desiredObj.status.readyReplicas + items[i].readyReplicas\n end\n return desiredObj\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents a resource template.\n - statusItems: the slice of status expressed with AggregatedStatusItem.\n\n\nThe returned object should be a whole object with status aggregated." + description: "LuaScript holds the Lua script that is used to aggregate decentralized statuses\nto the desired specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function AggregateStatus(desiredObj, statusItems)\n for i = 1, #statusItems do\n desiredObj.status.readyReplicas = desiredObj.status.readyReplicas + items[i].readyReplicas\n end\n return desiredObj\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - desiredObj: the object represents a resource template.\n - statusItems: the slice of status expressed with AggregatedStatusItem.\n\nThe returned object should be a whole object with status aggregated." type: "string" required: - "luaScript" @@ -104,7 +104,7 @@ spec: description: "StatusReflection describes the rules for Karmada to pick the resource's status.\nKarmada provides built-in rules for several standard Kubernetes types, see:\nhttps://karmada.io/docs/userguide/globalview/customizing-resource-interpreter/#interpretstatus\nIf StatusReflection is set, the built-in rules will be ignored." properties: luaScript: - description: "LuaScript holds the Lua script that is used to get the status from the observed specification.\nThe script should implement a function as follows:\n\n\n```\n luaScript: >\n function ReflectStatus(observedObj)\n status = {}\n status.readyReplicas = observedObj.status.observedObj\n return status\n end\n```\n\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\n\nThe returned status could be the whole status or part of it and will\nbe set into both Work and ResourceBinding(ClusterResourceBinding)." + description: "LuaScript holds the Lua script that is used to get the status from the observed specification.\nThe script should implement a function as follows:\n\n```\n luaScript: >\n function ReflectStatus(observedObj)\n status = {}\n status.readyReplicas = observedObj.status.observedObj\n return status\n end\n```\n\nThe content of the LuaScript needs to be a whole function including both\ndeclaration and implementation.\n\nThe parameters will be supplied by the system:\n - observedObj: the object represents the configuration that is observed\n from a specific member cluster.\n\nThe returned status could be the whole status or part of it and will\nbe set into both Work and ResourceBinding(ClusterResourceBinding)." type: "string" required: - "luaScript" diff --git a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml index 5a4556af3..717ffea40 100644 --- a/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml +++ b/crd-catalog/karmada-io/karmada/config.karmada.io/v1alpha1/resourceinterpreterwebhookconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourceinterpreterwebhookconfigurations.config.karmada.io" spec: group: "config.karmada.io" @@ -41,7 +41,7 @@ spec: format: "byte" type: "string" service: - description: "`service` is a reference to the service for this webhook. Either\n`service` or `url` must be specified.\n\n\nIf the webhook is running within the cluster, then you should use `service`." + description: "`service` is a reference to the service for this webhook. Either\n`service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`." properties: name: description: "`name` is the name of the service.\nRequired" @@ -61,7 +61,7 @@ spec: - "namespace" type: "object" url: - description: "`url` gives the location of the webhook, in standard URL form\n(`scheme://host:port/path`). Exactly one of `url` or `service`\nmust be specified.\n\n\nThe `host` should not refer to a service running in the cluster; use\nthe `service` field instead. The host might be resolved via external\nDNS in some apiservers (e.g., `kube-apiserver` cannot resolve\nin-cluster DNS as that would be a layering violation). `host` may\nalso be an IP address.\n\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is\nrisky unless you take great care to run this webhook on all hosts\nwhich run an apiserver which might need to make calls to this\nwebhook. Such installs are likely to be non-portable, i.e., not easy\nto turn up in a new cluster.\n\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\n\nA path is optional, and if present may be any string permissible in\na URL. You may use the path to pass an arbitrary string to the\nwebhook, for example, a cluster identifier.\n\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not\nallowed. Fragments (\"#...\") and query parameters (\"?...\") are not\nallowed, either." + description: "`url` gives the location of the webhook, in standard URL form\n(`scheme://host:port/path`). Exactly one of `url` or `service`\nmust be specified.\n\nThe `host` should not refer to a service running in the cluster; use\nthe `service` field instead. The host might be resolved via external\nDNS in some apiservers (e.g., `kube-apiserver` cannot resolve\nin-cluster DNS as that would be a layering violation). `host` may\nalso be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is\nrisky unless you take great care to run this webhook on all hosts\nwhich run an apiserver which might need to make calls to this\nwebhook. Such installs are likely to be non-portable, i.e., not easy\nto turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in\na URL. You may use the path to pass an arbitrary string to the\nwebhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not\nallowed. Fragments (\"#...\") and query parameters (\"?...\") are not\nallowed, either." type: "string" type: "object" interpreterContextVersions: @@ -78,7 +78,7 @@ spec: description: "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make\nsure that all the tuple expansions are valid." properties: apiGroups: - description: "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nFor example:\n [\"apps\", \"batch\", \"example.io\"] means matches 3 groups.\n [\"*\"] means matches all group\n\n\nNote: The group could be empty, e.g the 'core' group of kubernetes, in that case use [\"\"]." + description: "APIGroups is the API groups the resources belong to. '*' is all groups.\nIf '*' is present, the length of the slice must be one.\nFor example:\n [\"apps\", \"batch\", \"example.io\"] means matches 3 groups.\n [\"*\"] means matches all group\n\nNote: The group could be empty, e.g the 'core' group of kubernetes, in that case use [\"\"]." items: type: "string" type: "array" diff --git a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml index d79cefcb5..aacf59622 100644 --- a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml +++ b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusteringresses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "multiclusteringresses.networking.karmada.io" spec: group: "networking.karmada.io" @@ -70,6 +70,7 @@ spec: format: "int32" type: "integer" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -83,7 +84,7 @@ spec: description: "IngressRule represents the rules mapping the paths under a specified host to\nthe related backend services. Incoming requests are first evaluated for a host\nmatch, then routed to the backend associated with the matching IngressRuleValue." properties: host: - description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." + description: "host is the fully qualified domain name of a network host, as defined by RFC 3986.\nNote the following deviations from the \"host\" part of the\nURI as defined in RFC 3986:\n1. IPs are not allowed. Currently an IngressRuleValue can only apply to\n the IP in the Spec of the parent Ingress.\n2. The `:` delimiter is not respected because ports are not allowed.\n\t Currently the port of an Ingress is implicitly :80 for http and\n\t :443 for https.\nBoth these may change in the future.\nIncoming requests are matched against the host before the\nIngressRuleValue. If the host is unspecified, the Ingress routes all\ntraffic based on the specified IngressRuleValue.\n\nhost can be \"precise\" which is a domain name without the terminating dot of\na network host (e.g. \"foo.bar.com\") or \"wildcard\", which is a domain name\nprefixed with a single wildcard label (e.g. \"*.foo.com\").\nThe wildcard character '*' must appear by itself as the first DNS label and\nmatches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\").\nRequests will be matched against the Host field in the following way:\n1. If host is precise, the request matches this rule if the http host header is equal to Host.\n2. If host is a wildcard, then the request matches this rule if the http host header\nis to equal to the suffix (removing the first label) of the wildcard rule." type: "string" http: description: "HTTPIngressRuleValue is a list of http selectors pointing to backends.\nIn the example: http:///? -> backend where\nwhere parts of the url correspond to RFC 3986, this resource will be used\nto match against everything after the last '/' and before the first '?'\nor '#'." @@ -130,6 +131,7 @@ spec: format: "int32" type: "integer" type: "object" + x-kubernetes-map-type: "atomic" required: - "name" type: "object" @@ -193,7 +195,7 @@ spec: description: "IngressPortStatus represents the error condition of a service port" properties: error: - description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -202,10 +204,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "protocol is the protocol of the ingress port.\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml index 05adea19e..b39a5e143 100644 --- a/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml +++ b/crd-catalog/karmada-io/karmada/networking.karmada.io/v1alpha1/multiclusterservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "multiclusterservices.networking.karmada.io" spec: group: "networking.karmada.io" @@ -41,6 +41,8 @@ spec: name: description: "Name is the name of the cluster to be selected." type: "string" + required: + - "name" type: "object" type: "array" ports: @@ -67,6 +69,8 @@ spec: name: description: "Name is the name of the cluster to be selected." type: "string" + required: + - "name" type: "object" type: "array" range: @@ -103,7 +107,7 @@ spec: conditions: description: "Current service state" items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -132,7 +136,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -169,7 +173,7 @@ spec: items: properties: error: - description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.\n---\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "Error is to record the problem with the service port\nThe format of the error shall comply with the following rules:\n- built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" @@ -178,10 +182,10 @@ spec: format: "int32" type: "integer" protocol: - default: "TCP" description: "Protocol is the protocol of the service port of which status is recorded here\nThe supported values are: \"TCP\", \"UDP\", \"SCTP\"" type: "string" required: + - "error" - "port" - "protocol" type: "object" diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml index 9fa618df0..3905af549 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusteroverridepolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusteroverridepolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -60,6 +60,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -188,7 +189,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -223,6 +224,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -327,7 +329,7 @@ spec: type: "object" type: "array" overriders: - description: "Overriders represents the override rules that would apply on resources\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "Overriders represents the override rules that would apply on resources\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: annotationsOverrider: description: "AnnotationsOverrider represents the rules dedicated to handling workload annotations" @@ -348,6 +350,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -476,7 +479,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -511,6 +514,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -593,7 +597,7 @@ spec: type: "object" type: "array" targetCluster: - description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: clusterNames: description: "ClusterNames is the list of clusters to be selected." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml index 4637d689a..1056a744b 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/clusterpropagationpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterpropagationpolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -44,7 +44,7 @@ spec: description: "Spec represents the desired behavior of ClusterPropagationPolicy." properties: activationPreference: - description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." + description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." enum: - "Lazy" type: "string" @@ -53,13 +53,13 @@ spec: type: "boolean" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" type: "string" dependentOverrides: - description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." + description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." items: type: "string" type: "array" @@ -90,6 +90,28 @@ spec: - "Graciously" - "Never" type: "string" + statePreservation: + description: "StatePreservation defines the policy for preserving and restoring state data\nduring failover events for stateful applications.\n\nWhen an application fails over from one cluster to another, this policy enables\nthe extraction of critical data from the original resource configuration.\nUpon successful migration, the extracted data is then re-injected into the new\nresource, ensuring that the application can resume operation with its previous\nstate intact.\nThis is particularly useful for stateful applications where maintaining data\nconsistency across failover events is crucial.\nIf not specified, means no state data will be preserved.\n\nNote: This requires the StatefulFailoverInjection feature gate to be enabled,\nwhich is alpha." + properties: + rules: + description: "Rules contains a list of StatePreservationRule configurations.\nEach rule specifies a JSONPath expression targeting specific pieces of\nstate data to be preserved during failover events. An AliasLabelName is associated\nwith each rule, serving as a label key when the preserved data is passed\nto the new cluster." + items: + description: "StatePreservationRule defines a single rule for state preservation.\nIt includes a JSONPath expression and an alias name that will be used\nas a label key when passing state information to the new cluster." + properties: + aliasLabelName: + description: "AliasLabelName is the name that will be used as a label key when the preserved\ndata is passed to the new cluster. This facilitates the injection of the\npreserved state back into the application resources during recovery." + type: "string" + jsonPath: + description: "JSONPath is the JSONPath template used to identify the state data\nto be preserved from the original resource configuration.\nThe JSONPath syntax follows the Kubernetes specification:\nhttps://kubernetes.io/docs/reference/kubectl/jsonpath/\n\nNote: The JSONPath expression will start searching from the \"status\" field of\nthe API resource object by default. For example, to extract the \"availableReplicas\"\nfrom a Deployment, the JSONPath expression should be \"{.availableReplicas}\", not\n\"{.status.availableReplicas}\"." + type: "string" + required: + - "aliasLabelName" + - "jsonPath" + type: "object" + type: "array" + required: + - "rules" + type: "object" required: - "decisionConditions" type: "object" @@ -98,7 +120,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -423,15 +445,15 @@ spec: - "Never" type: "string" preserveResourcesOnDeletion: - description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." + description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." type: "boolean" priority: default: 0 - description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\n\nThe higher the value, the higher the priority. Defaults to zero." + description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\nThe higher the value, the higher the priority. Defaults to zero." format: "int32" type: "integer" propagateDeps: - description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\n\nDefaults to false." + description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\nDefaults to false." type: "boolean" resourceSelectors: description: "ResourceSelectors used to select resources.\nNil or empty selector is not allowed and doesn't mean match all kinds\nof resources for security concerns that sensitive resources(like Secret)\nmight be accidentally propagated." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml index 6af6c9c38..87a1eccd8 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/federatedresourcequotas.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "federatedresourcequotas.policy.karmada.io" spec: group: "policy.karmada.io" diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml index b63b4708b..ea9441212 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/overridepolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "overridepolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -60,6 +60,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -188,7 +189,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -223,6 +224,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -327,7 +329,7 @@ spec: type: "object" type: "array" overriders: - description: "Overriders represents the override rules that would apply on resources\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "Overriders represents the override rules that would apply on resources\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: annotationsOverrider: description: "AnnotationsOverrider represents the rules dedicated to handling workload annotations" @@ -348,6 +350,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" argsOverrider: @@ -476,7 +479,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\n\nIf not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - DaemonSet: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\n - Job: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one container.\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -511,6 +514,7 @@ spec: type: "object" required: - "operator" + - "value" type: "object" type: "array" plaintext: @@ -593,7 +597,7 @@ spec: type: "object" type: "array" targetCluster: - description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." + description: "TargetCluster defines restrictions on this override policy\nthat only applies to resources propagated to the matching clusters.\nnil means matching all clusters.\n\nDeprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead." properties: clusterNames: description: "ClusterNames is the list of clusters to be selected." diff --git a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml index 262396546..be914b7de 100644 --- a/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml +++ b/crd-catalog/karmada-io/karmada/policy.karmada.io/v1alpha1/propagationpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "propagationpolicies.policy.karmada.io" spec: group: "policy.karmada.io" @@ -44,7 +44,7 @@ spec: description: "Spec represents the desired behavior of PropagationPolicy." properties: activationPreference: - description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." + description: "ActivationPreference indicates how the referencing resource template will\nbe propagated, in case of policy changes.\n\nIf empty, the resource template will respond to policy changes\nimmediately, in other words, any policy changes will drive the resource\ntemplate to be propagated immediately as per the current propagation rules.\n\nIf the value is 'Lazy' means the policy changes will not take effect for now\nbut defer to the resource template changes, in other words, the resource\ntemplate will not be propagated as per the current propagation rules until\nthere is an update on it.\nThis is an experimental feature that might help in a scenario where a policy\nmanages huge amount of resource templates, changes to a policy typically\naffect numerous applications simultaneously. A minor misconfiguration\ncould lead to widespread failures. With this feature, the change can be\ngradually rolled out through iterative modifications of resource templates." enum: - "Lazy" type: "string" @@ -53,13 +53,13 @@ spec: type: "boolean" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" type: "string" dependentOverrides: - description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." + description: "DependentOverrides represents the list of overrides(OverridePolicy)\nwhich must present before the current PropagationPolicy takes effect.\n\nIt used to explicitly specify overrides which current PropagationPolicy rely on.\nA typical scenario is the users create OverridePolicy(ies) and resources at the same time,\nthey want to ensure the new-created policies would be adopted.\n\nNote: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies),\nwhich not present in this list will still be applied if they matches the resources." items: type: "string" type: "array" @@ -90,6 +90,28 @@ spec: - "Graciously" - "Never" type: "string" + statePreservation: + description: "StatePreservation defines the policy for preserving and restoring state data\nduring failover events for stateful applications.\n\nWhen an application fails over from one cluster to another, this policy enables\nthe extraction of critical data from the original resource configuration.\nUpon successful migration, the extracted data is then re-injected into the new\nresource, ensuring that the application can resume operation with its previous\nstate intact.\nThis is particularly useful for stateful applications where maintaining data\nconsistency across failover events is crucial.\nIf not specified, means no state data will be preserved.\n\nNote: This requires the StatefulFailoverInjection feature gate to be enabled,\nwhich is alpha." + properties: + rules: + description: "Rules contains a list of StatePreservationRule configurations.\nEach rule specifies a JSONPath expression targeting specific pieces of\nstate data to be preserved during failover events. An AliasLabelName is associated\nwith each rule, serving as a label key when the preserved data is passed\nto the new cluster." + items: + description: "StatePreservationRule defines a single rule for state preservation.\nIt includes a JSONPath expression and an alias name that will be used\nas a label key when passing state information to the new cluster." + properties: + aliasLabelName: + description: "AliasLabelName is the name that will be used as a label key when the preserved\ndata is passed to the new cluster. This facilitates the injection of the\npreserved state back into the application resources during recovery." + type: "string" + jsonPath: + description: "JSONPath is the JSONPath template used to identify the state data\nto be preserved from the original resource configuration.\nThe JSONPath syntax follows the Kubernetes specification:\nhttps://kubernetes.io/docs/reference/kubectl/jsonpath/\n\nNote: The JSONPath expression will start searching from the \"status\" field of\nthe API resource object by default. For example, to extract the \"availableReplicas\"\nfrom a Deployment, the JSONPath expression should be \"{.availableReplicas}\", not\n\"{.status.availableReplicas}\"." + type: "string" + required: + - "aliasLabelName" + - "jsonPath" + type: "object" + type: "array" + required: + - "rules" + type: "object" required: - "decisionConditions" type: "object" @@ -98,7 +120,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -423,15 +445,15 @@ spec: - "Never" type: "string" preserveResourcesOnDeletion: - description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." + description: "PreserveResourcesOnDeletion controls whether resources should be preserved on the\nmember clusters when the resource template is deleted.\nIf set to true, resources will be preserved on the member clusters.\nDefault is false, which means resources will be deleted along with the resource template.\n\nThis setting is particularly useful during workload migration scenarios to ensure\nthat rollback can occur quickly without affecting the workloads running on the\nmember clusters.\n\nAdditionally, this setting applies uniformly across all member clusters and will not\nselectively control preservation on only some clusters.\n\nNote: This setting does not apply to the deletion of the policy itself.\nWhen the policy is deleted, the resource templates and their corresponding\npropagated resources in member clusters will remain unchanged unless explicitly deleted." type: "boolean" priority: default: 0 - description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\n\nThe higher the value, the higher the priority. Defaults to zero." + description: "Priority indicates the importance of a policy(PropagationPolicy or ClusterPropagationPolicy).\nA policy will be applied for the matched resource templates if there is\nno other policies with higher priority at the point of the resource\ntemplate be processed.\nOnce a resource template has been claimed by a policy, by default it will\nnot be preempted by following policies even with a higher priority.\nSee Preemption for more details.\n\nIn case of two policies have the same priority, the one with a more precise\nmatching rules in ResourceSelectors wins:\n- matching by name(resourceSelector.name) has higher priority than\n by selector(resourceSelector.labelSelector)\n- matching by selector(resourceSelector.labelSelector) has higher priority\n than by APIVersion(resourceSelector.apiVersion) and Kind(resourceSelector.kind).\nIf there is still no winner at this point, the one with the lower alphabetic\norder wins, e.g. policy 'bar' has higher priority than 'foo'.\n\nThe higher the value, the higher the priority. Defaults to zero." format: "int32" type: "integer" propagateDeps: - description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\n\nDefaults to false." + description: "PropagateDeps tells if relevant resources should be propagated automatically.\nTake 'Deployment' which referencing 'ConfigMap' and 'Secret' as an example, when 'propagateDeps' is 'true',\nthe referencing resources could be omitted(for saving config effort) from 'resourceSelectors' as they will be\npropagated along with the Deployment. In addition to the propagating process, the referencing resources will be\nmigrated along with the Deployment in the fail-over scenario.\n\nDefaults to false." type: "boolean" resourceSelectors: description: "ResourceSelectors used to select resources.\nNil or empty selector is not allowed and doesn't mean match all kinds\nof resources for security concerns that sensitive resources(like Secret)\nmight be accidentally propagated." diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml index 185a56b4d..d8d9ff874 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/clusterresourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterresourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -116,7 +116,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -145,7 +145,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml index cae7326cb..9dea381d1 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/resourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -116,7 +116,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -145,7 +145,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml index 9da3c1f1d..e0a1ebe74 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha1/works.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "works.work.karmada.io" spec: group: "work.karmada.io" @@ -67,7 +67,7 @@ spec: conditions: description: "Conditions contain the different condition statuses for this work.\nValid condition types are:\n1. Applied represents workload in Work is applied successfully on a managed cluster.\n2. Progressing represents workload in Work is being applied on a managed cluster.\n3. Available represents workload in Work exists on the managed cluster.\n4. Degraded represents the current state of workload does not match the desired\nstate for a certain period." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -96,7 +96,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml index f3bab66b8..71bea4e9b 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/clusterresourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "clusterresourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -61,7 +61,7 @@ spec: type: "array" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" @@ -93,6 +93,28 @@ spec: - "Graciously" - "Never" type: "string" + statePreservation: + description: "StatePreservation defines the policy for preserving and restoring state data\nduring failover events for stateful applications.\n\nWhen an application fails over from one cluster to another, this policy enables\nthe extraction of critical data from the original resource configuration.\nUpon successful migration, the extracted data is then re-injected into the new\nresource, ensuring that the application can resume operation with its previous\nstate intact.\nThis is particularly useful for stateful applications where maintaining data\nconsistency across failover events is crucial.\nIf not specified, means no state data will be preserved.\n\nNote: This requires the StatefulFailoverInjection feature gate to be enabled,\nwhich is alpha." + properties: + rules: + description: "Rules contains a list of StatePreservationRule configurations.\nEach rule specifies a JSONPath expression targeting specific pieces of\nstate data to be preserved during failover events. An AliasLabelName is associated\nwith each rule, serving as a label key when the preserved data is passed\nto the new cluster." + items: + description: "StatePreservationRule defines a single rule for state preservation.\nIt includes a JSONPath expression and an alias name that will be used\nas a label key when passing state information to the new cluster." + properties: + aliasLabelName: + description: "AliasLabelName is the name that will be used as a label key when the preserved\ndata is passed to the new cluster. This facilitates the injection of the\npreserved state back into the application resources during recovery." + type: "string" + jsonPath: + description: "JSONPath is the JSONPath template used to identify the state data\nto be preserved from the original resource configuration.\nThe JSONPath syntax follows the Kubernetes specification:\nhttps://kubernetes.io/docs/reference/kubectl/jsonpath/\n\nNote: The JSONPath expression will start searching from the \"status\" field of\nthe API resource object by default. For example, to extract the \"availableReplicas\"\nfrom a Deployment, the JSONPath expression should be \"{.availableReplicas}\", not\n\"{.status.availableReplicas}\"." + type: "string" + required: + - "aliasLabelName" + - "jsonPath" + type: "object" + type: "array" + required: + - "rules" + type: "object" required: - "decisionConditions" type: "object" @@ -102,8 +124,13 @@ spec: items: description: "GracefulEvictionTask represents a graceful eviction task." properties: + clustersBeforeFailover: + description: "ClustersBeforeFailover records the clusters where running the application before failover." + items: + type: "string" + type: "array" creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\n\nPopulated by the system. Read-only." + description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\nPopulated by the system. Read-only." format: "date-time" type: "string" fromCluster: @@ -117,9 +144,21 @@ spec: description: "Message is a human-readable message indicating details about the eviction.\nThis may be an empty string." maxLength: 1024 type: "string" + preservedLabelState: + additionalProperties: + type: "string" + description: "PreservedLabelState represents the application state information collected from the original cluster,\nand it will be injected into the new cluster in form of application labels." + type: "object" producer: description: "Producer indicates the controller who triggered the eviction." type: "string" + purgeMode: + description: "PurgeMode represents how to deal with the legacy applications on the\ncluster from which the application is migrated.\nValid options are \"Immediately\", \"Graciously\" and \"Never\"." + enum: + - "Immediately" + - "Graciously" + - "Never" + type: "string" reason: description: "Reason contains a programmatic identifier indicating the reason for the eviction.\nProducers may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 32 @@ -143,7 +182,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -615,7 +654,7 @@ spec: type: "object" type: "array" rescheduleTriggeredAt: - description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." + description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." format: "date-time" type: "string" resource: @@ -701,7 +740,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -730,7 +769,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml index ab7146ddd..f778db303 100644 --- a/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml +++ b/crd-catalog/karmada-io/karmada/work.karmada.io/v1alpha2/resourcebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "resourcebindings.work.karmada.io" spec: group: "work.karmada.io" @@ -61,7 +61,7 @@ spec: type: "array" conflictResolution: default: "Abort" - description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." + description: "ConflictResolution declares how potential conflict should be handled when\na resource that is being propagated already exists in the target cluster.\n\nIt defaults to \"Abort\" which means stop propagating to avoid unexpected\noverwrites. The \"Overwrite\" might be useful when migrating legacy cluster\nresources to Karmada, in which case conflict is predictable and can be\ninstructed to Karmada take over the resource by overwriting." enum: - "Abort" - "Overwrite" @@ -93,6 +93,28 @@ spec: - "Graciously" - "Never" type: "string" + statePreservation: + description: "StatePreservation defines the policy for preserving and restoring state data\nduring failover events for stateful applications.\n\nWhen an application fails over from one cluster to another, this policy enables\nthe extraction of critical data from the original resource configuration.\nUpon successful migration, the extracted data is then re-injected into the new\nresource, ensuring that the application can resume operation with its previous\nstate intact.\nThis is particularly useful for stateful applications where maintaining data\nconsistency across failover events is crucial.\nIf not specified, means no state data will be preserved.\n\nNote: This requires the StatefulFailoverInjection feature gate to be enabled,\nwhich is alpha." + properties: + rules: + description: "Rules contains a list of StatePreservationRule configurations.\nEach rule specifies a JSONPath expression targeting specific pieces of\nstate data to be preserved during failover events. An AliasLabelName is associated\nwith each rule, serving as a label key when the preserved data is passed\nto the new cluster." + items: + description: "StatePreservationRule defines a single rule for state preservation.\nIt includes a JSONPath expression and an alias name that will be used\nas a label key when passing state information to the new cluster." + properties: + aliasLabelName: + description: "AliasLabelName is the name that will be used as a label key when the preserved\ndata is passed to the new cluster. This facilitates the injection of the\npreserved state back into the application resources during recovery." + type: "string" + jsonPath: + description: "JSONPath is the JSONPath template used to identify the state data\nto be preserved from the original resource configuration.\nThe JSONPath syntax follows the Kubernetes specification:\nhttps://kubernetes.io/docs/reference/kubectl/jsonpath/\n\nNote: The JSONPath expression will start searching from the \"status\" field of\nthe API resource object by default. For example, to extract the \"availableReplicas\"\nfrom a Deployment, the JSONPath expression should be \"{.availableReplicas}\", not\n\"{.status.availableReplicas}\"." + type: "string" + required: + - "aliasLabelName" + - "jsonPath" + type: "object" + type: "array" + required: + - "rules" + type: "object" required: - "decisionConditions" type: "object" @@ -102,8 +124,13 @@ spec: items: description: "GracefulEvictionTask represents a graceful eviction task." properties: + clustersBeforeFailover: + description: "ClustersBeforeFailover records the clusters where running the application before failover." + items: + type: "string" + type: "array" creationTimestamp: - description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\n\nPopulated by the system. Read-only." + description: "CreationTimestamp is a timestamp representing the server time when this object was\ncreated.\nClients should not set this value to avoid the time inconsistency issue.\nIt is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC.\n\nPopulated by the system. Read-only." format: "date-time" type: "string" fromCluster: @@ -117,9 +144,21 @@ spec: description: "Message is a human-readable message indicating details about the eviction.\nThis may be an empty string." maxLength: 1024 type: "string" + preservedLabelState: + additionalProperties: + type: "string" + description: "PreservedLabelState represents the application state information collected from the original cluster,\nand it will be injected into the new cluster in form of application labels." + type: "object" producer: description: "Producer indicates the controller who triggered the eviction." type: "string" + purgeMode: + description: "PurgeMode represents how to deal with the legacy applications on the\ncluster from which the application is migrated.\nValid options are \"Immediately\", \"Graciously\" and \"Never\"." + enum: + - "Immediately" + - "Graciously" + - "Never" + type: "string" reason: description: "Reason contains a programmatic identifier indicating the reason for the eviction.\nProducers may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty." maxLength: 32 @@ -143,7 +182,7 @@ spec: description: "Placement represents the rule for select clusters to propagate resources." properties: clusterAffinities: - description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." + description: "ClusterAffinities represents scheduling restrictions to multiple cluster\ngroups that indicated by ClusterAffinityTerm.\n\nThe scheduler will evaluate these groups one by one in the order they\nappear in the spec, the group that does not satisfy scheduling restrictions\nwill be ignored which means all clusters in this group will not be selected\nunless it also belongs to the next group(a cluster could belong to multiple\ngroups).\n\nIf none of the groups satisfy the scheduling restrictions, then scheduling\nfails, which means no cluster will be selected.\n\nNote:\n 1. ClusterAffinities can not co-exist with ClusterAffinity.\n 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster\n can be scheduling candidates.\n\nPotential use case 1:\nThe private clusters in the local data center could be the main group, and\nthe managed clusters provided by cluster providers could be the secondary\ngroup. So that the Karmada scheduler would prefer to schedule workloads\nto the main group and the second group will only be considered in case of\nthe main group does not satisfy restrictions(like, lack of resources).\n\nPotential use case 2:\nFor the disaster recovery scenario, the clusters could be organized to\nprimary and backup groups, the workloads would be scheduled to primary\nclusters firstly, and when primary cluster fails(like data center power off),\nKarmada scheduler could migrate workloads to the backup clusters." items: description: "ClusterAffinityTerm selects a set of cluster." properties: @@ -615,7 +654,7 @@ spec: type: "object" type: "array" rescheduleTriggeredAt: - description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." + description: "RescheduleTriggeredAt is a timestamp representing when the referenced resource is triggered rescheduling.\nWhen this field is updated, it means a rescheduling is manually triggered by user, and the expected behavior\nof this action is to do a complete recalculation without referring to last scheduling results.\nIt works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in\nstatus.lastScheduledTime will the rescheduling actually execute, otherwise, ignored.\n\nIt is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC." format: "date-time" type: "string" resource: @@ -701,7 +740,7 @@ spec: conditions: description: "Conditions contain the different condition statuses." items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -730,7 +769,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml index 23cbd3435..55464435f 100644 --- a/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml +++ b/crd-catalog/kiali/kiali-operator/kiali.io/v1alpha1/kialis.yaml @@ -420,6 +420,36 @@ spec: priority_class_name: description: "The priorityClassName used to assign the priority of the Kiali pod." type: "string" + probes: + description: "Configures the liveness, readiness, and startup probes of the Kiali pod." + properties: + liveness: + description: "Configures the liveness probe of the Kiali pod." + properties: + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + readiness: + description: "Configures the readiness probe of the Kiali pod." + properties: + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + startup: + description: "Configures the startup probe of the Kiali pod." + properties: + failure_threshold: + type: "integer" + initial_delay_seconds: + type: "integer" + period_seconds: + type: "integer" + type: "object" + type: "object" remote_cluster_resources_only: description: "When `true`, only those resources necessary for a remote Kiali Server to access this cluster are created (such as the service account and roles/bindings). There will be no Kiali Server deployment/pod created when this is `true`." type: "boolean" @@ -851,6 +881,12 @@ spec: tempo_config: description: "Settings used to configure the access url to the Tempo Datasource in Grafana." properties: + cache_capacity: + description: "When `cache_enabled` is true, the number of traces saved in the cache. 200 by default." + type: "integer" + cache_enabled: + description: "A FIFO cache with the last `cache_capacity` traces viewed." + type: "boolean" datasource_uid: description: "The unique identifier (uid) of the Tempo datasource in Grafana." type: "string" @@ -1004,9 +1040,27 @@ spec: type: "string" type: "object" type: "array" + settings: + description: "Various presentation options." + properties: + animation: + description: "The traffic animation style. Value must be one of: `dash` or `point`. Default is `point`." + enum: + - "dash" + - "point" + type: "string" + type: "object" traffic: description: "These settings determine which rates are used to determine graph traffic." properties: + ambient: + description: "Ambient traffic is reported by ztunnel and/or waypoints. Value must be one of: `none`, `total`, `waypoint`, or `ztunnel`." + enum: + - "none" + - "total" + - "waypoint" + - "ztunnel" + type: "string" grpc: description: "gRPC traffic is measured in requests or sent/received/total messages. Value must be one of: `none`, `requests`, `sent`, `received`, or `total`." enum: diff --git a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml index 408eedd96..e1a7469b7 100644 --- a/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml +++ b/crd-catalog/kiegroup/kogito-serverless-operator/sonataflow.org/v1alpha08/sonataflows.yaml @@ -6379,6 +6379,9 @@ spec: endpoint: description: "Endpoint is an externally accessible URL of the workflow" type: "string" + flowCRC: + format: "int32" + type: "integer" lastTimeRecoverAttempt: format: "date-time" type: "string" diff --git a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml index d3302dc63..cee0e39f9 100644 --- a/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml +++ b/crd-catalog/kube-green/kube-green/kube-green.com/v1alpha1/sleepinfos.yaml @@ -105,7 +105,7 @@ spec: suspendDeployments: description: "If SuspendDeployments is set to false, on sleep the deployment of the namespace will not be suspended. By default Deployment will be suspended." type: "boolean" - suspendStatefulsets: + suspendStatefulSets: description: "If SuspendStatefulSets is set to false, on sleep the statefulset of the namespace will not be suspended. By default StatefulSet will be suspended." type: "boolean" timeZone: diff --git a/crd-catalog/kube-logging/logging-operator/logging-extensions.banzaicloud.io/v1alpha1/hosttailers.yaml b/crd-catalog/kube-logging/logging-operator/logging-extensions.banzaicloud.io/v1alpha1/hosttailers.yaml index 09c139c66..1f8785abf 100644 --- a/crd-catalog/kube-logging/logging-operator/logging-extensions.banzaicloud.io/v1alpha1/hosttailers.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging-extensions.banzaicloud.io/v1alpha1/hosttailers.yaml @@ -2675,8 +2675,6 @@ spec: type: "object" type: "array" type: "object" - required: - - "workloadMetaOverrides" type: "object" status: type: "object" diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml index b380eb872..bbbc46733 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusterflows.yaml @@ -129,156 +129,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -913,61 +763,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusteroutputs.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusteroutputs.yaml index 181299600..361beff24 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusteroutputs.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/clusteroutputs.yaml @@ -6593,162 +6593,6 @@ spec: tag_property_name: type: "string" type: "object" - sumologic: - properties: - add_timestamp: - type: "boolean" - buffer: - properties: - chunk_full_threshold: - type: "string" - chunk_limit_records: - type: "integer" - chunk_limit_size: - type: "string" - compress: - type: "string" - delayed_commit_timeout: - type: "string" - disable_chunk_backup: - type: "boolean" - disabled: - type: "boolean" - flush_at_shutdown: - type: "boolean" - flush_interval: - type: "string" - flush_mode: - type: "string" - flush_thread_burst_interval: - type: "string" - flush_thread_count: - type: "integer" - flush_thread_interval: - type: "string" - overflow_action: - type: "string" - path: - type: "string" - queue_limit_length: - type: "integer" - queued_chunks_limit_size: - type: "integer" - retry_exponential_backoff_base: - type: "string" - retry_forever: - type: "boolean" - retry_max_interval: - type: "string" - retry_max_times: - type: "integer" - retry_randomize: - type: "boolean" - retry_secondary_threshold: - type: "string" - retry_timeout: - type: "string" - retry_type: - type: "string" - retry_wait: - type: "string" - tags: - type: "string" - timekey: - type: "string" - timekey_use_utc: - type: "boolean" - timekey_wait: - type: "string" - timekey_zone: - type: "string" - total_limit_size: - type: "string" - type: - type: "string" - type: "object" - compress: - type: "boolean" - compress_encoding: - type: "string" - custom_dimensions: - type: "string" - custom_fields: - items: - type: "string" - type: "array" - data_type: - type: "string" - delimiter: - type: "string" - disable_cookies: - type: "boolean" - endpoint: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - log_format: - type: "string" - log_key: - type: "string" - metric_data_format: - type: "string" - open_timeout: - type: "integer" - proxy_uri: - type: "string" - slow_flush_log_threshold: - type: "string" - source_category: - type: "string" - source_host: - type: "string" - source_name: - type: "string" - source_name_key: - type: "string" - sumo_client: - type: "string" - timestamp_key: - type: "string" - verify_ssl: - type: "boolean" - required: - - "endpoint" - - "source_name" - type: "object" syslog: properties: allow_self_signed_cert: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml index fa4bdfc53..203331db1 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/flows.yaml @@ -129,156 +129,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -913,61 +763,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/outputs.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/outputs.yaml index fee4e2fb9..8390e072e 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/outputs.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1alpha1/outputs.yaml @@ -6255,162 +6255,6 @@ spec: tag_property_name: type: "string" type: "object" - sumologic: - properties: - add_timestamp: - type: "boolean" - buffer: - properties: - chunk_full_threshold: - type: "string" - chunk_limit_records: - type: "integer" - chunk_limit_size: - type: "string" - compress: - type: "string" - delayed_commit_timeout: - type: "string" - disable_chunk_backup: - type: "boolean" - disabled: - type: "boolean" - flush_at_shutdown: - type: "boolean" - flush_interval: - type: "string" - flush_mode: - type: "string" - flush_thread_burst_interval: - type: "string" - flush_thread_count: - type: "integer" - flush_thread_interval: - type: "string" - overflow_action: - type: "string" - path: - type: "string" - queue_limit_length: - type: "integer" - queued_chunks_limit_size: - type: "integer" - retry_exponential_backoff_base: - type: "string" - retry_forever: - type: "boolean" - retry_max_interval: - type: "string" - retry_max_times: - type: "integer" - retry_randomize: - type: "boolean" - retry_secondary_threshold: - type: "string" - retry_timeout: - type: "string" - retry_type: - type: "string" - retry_wait: - type: "string" - tags: - type: "string" - timekey: - type: "string" - timekey_use_utc: - type: "boolean" - timekey_wait: - type: "string" - timekey_zone: - type: "string" - total_limit_size: - type: "string" - type: - type: "string" - type: "object" - compress: - type: "boolean" - compress_encoding: - type: "string" - custom_dimensions: - type: "string" - custom_fields: - items: - type: "string" - type: "array" - data_type: - type: "string" - delimiter: - type: "string" - disable_cookies: - type: "boolean" - endpoint: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - log_format: - type: "string" - log_key: - type: "string" - metric_data_format: - type: "string" - open_timeout: - type: "integer" - proxy_uri: - type: "string" - slow_flush_log_threshold: - type: "string" - source_category: - type: "string" - source_host: - type: "string" - source_name: - type: "string" - source_name_key: - type: "string" - sumo_client: - type: "string" - timestamp_key: - type: "string" - verify_ssl: - type: "boolean" - required: - - "endpoint" - - "source_name" - type: "object" syslog: properties: allow_self_signed_cert: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml index 68e420318..716aacc3c 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusterflows.yaml @@ -129,156 +129,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -913,61 +763,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusteroutputs.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusteroutputs.yaml index 9b34994fa..0c8338fac 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusteroutputs.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/clusteroutputs.yaml @@ -6593,162 +6593,6 @@ spec: tag_property_name: type: "string" type: "object" - sumologic: - properties: - add_timestamp: - type: "boolean" - buffer: - properties: - chunk_full_threshold: - type: "string" - chunk_limit_records: - type: "integer" - chunk_limit_size: - type: "string" - compress: - type: "string" - delayed_commit_timeout: - type: "string" - disable_chunk_backup: - type: "boolean" - disabled: - type: "boolean" - flush_at_shutdown: - type: "boolean" - flush_interval: - type: "string" - flush_mode: - type: "string" - flush_thread_burst_interval: - type: "string" - flush_thread_count: - type: "integer" - flush_thread_interval: - type: "string" - overflow_action: - type: "string" - path: - type: "string" - queue_limit_length: - type: "integer" - queued_chunks_limit_size: - type: "integer" - retry_exponential_backoff_base: - type: "string" - retry_forever: - type: "boolean" - retry_max_interval: - type: "string" - retry_max_times: - type: "integer" - retry_randomize: - type: "boolean" - retry_secondary_threshold: - type: "string" - retry_timeout: - type: "string" - retry_type: - type: "string" - retry_wait: - type: "string" - tags: - type: "string" - timekey: - type: "string" - timekey_use_utc: - type: "boolean" - timekey_wait: - type: "string" - timekey_zone: - type: "string" - total_limit_size: - type: "string" - type: - type: "string" - type: "object" - compress: - type: "boolean" - compress_encoding: - type: "string" - custom_dimensions: - type: "string" - custom_fields: - items: - type: "string" - type: "array" - data_type: - type: "string" - delimiter: - type: "string" - disable_cookies: - type: "boolean" - endpoint: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - log_format: - type: "string" - log_key: - type: "string" - metric_data_format: - type: "string" - open_timeout: - type: "integer" - proxy_uri: - type: "string" - slow_flush_log_threshold: - type: "string" - source_category: - type: "string" - source_host: - type: "string" - source_name: - type: "string" - source_name_key: - type: "string" - sumo_client: - type: "string" - timestamp_key: - type: "string" - verify_ssl: - type: "boolean" - required: - - "endpoint" - - "source_name" - type: "object" syslog: properties: allow_self_signed_cert: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml index a0ba77801..c12484c62 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/flows.yaml @@ -129,156 +129,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -913,61 +763,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml index ed7d7f5f8..9e0da5c98 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/fluentbitagents.yaml @@ -1163,6 +1163,8 @@ spec: type: "string" enableUpstream: type: "boolean" + enabledIPv6: + type: "boolean" envVars: items: properties: @@ -2465,6 +2467,8 @@ spec: type: "object" security: properties: + createOpenShiftSCC: + type: "boolean" podSecurityContext: properties: appArmorProfile: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml index 2ba5064ba..9bc52fa2d 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/loggings.yaml @@ -156,156 +156,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -940,61 +790,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: @@ -2191,6 +1986,8 @@ spec: type: "string" enableUpstream: type: "boolean" + enabledIPv6: + type: "boolean" envVars: items: properties: @@ -3493,6 +3290,8 @@ spec: type: "object" security: properties: + createOpenShiftSCC: + type: "boolean" podSecurityContext: properties: appArmorProfile: @@ -4911,6 +4710,8 @@ spec: type: "string" enableMsgpackTimeSupport: type: "boolean" + enabledIPv6: + type: "boolean" envVars: items: properties: @@ -6161,6 +5962,8 @@ spec: type: "object" security: properties: + createOpenShiftSCC: + type: "boolean" podSecurityContext: properties: appArmorProfile: @@ -7244,156 +7047,6 @@ spec: use_record_as_seed: type: "boolean" type: "object" - enhanceK8s: - properties: - api_groups: - items: - type: "string" - type: "array" - bearer_token_file: - type: "string" - ca_file: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - cache_refresh: - type: "integer" - cache_refresh_variation: - type: "integer" - cache_size: - type: "integer" - cache_ttl: - type: "integer" - client_cert: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - client_key: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - core_api_versions: - items: - type: "string" - type: "array" - data_type: - type: "string" - in_namespace_path: - items: - type: "string" - type: "array" - in_pod_path: - items: - type: "string" - type: "array" - kubernetes_url: - type: "string" - secret_dir: - type: "string" - ssl_partial_chain: - type: "boolean" - verify_ssl: - type: "boolean" - type: "object" geoip: properties: backend_library: @@ -8028,61 +7681,6 @@ spec: output_type: type: "string" type: "object" - sumologic: - properties: - collector_key_name: - type: "string" - collector_value: - type: "string" - exclude_container_regex: - type: "string" - exclude_facility_regex: - type: "string" - exclude_host_regex: - type: "string" - exclude_namespace_regex: - type: "string" - exclude_pod_regex: - type: "string" - exclude_priority_regex: - type: "string" - exclude_unit_regex: - type: "string" - log_format: - type: "string" - source_category: - type: "string" - source_category_key_name: - type: "string" - source_category_prefix: - type: "string" - source_category_replace_dash: - type: "string" - source_host: - type: "string" - source_host_key_name: - type: "string" - source_name: - type: "string" - source_name_key_name: - type: "string" - tracing_annotation_prefix: - type: "string" - tracing_container_name: - type: "string" - tracing_format: - type: "boolean" - tracing_host: - type: "string" - tracing_label_prefix: - type: "string" - tracing_namespace: - type: "string" - tracing_pod: - type: "string" - tracing_pod_id: - type: "string" - type: "object" tag_normaliser: properties: format: @@ -12746,6 +12344,8 @@ spec: type: "object" security: properties: + createOpenShiftSCC: + type: "boolean" podSecurityContext: properties: appArmorProfile: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml index 39e5eb14b..be3f95654 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/nodeagents.yaml @@ -4650,6 +4650,8 @@ spec: type: "object" security: properties: + createOpenShiftSCC: + type: "boolean" podSecurityContext: properties: appArmorProfile: diff --git a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/outputs.yaml b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/outputs.yaml index 5b8338d8d..843111c8f 100644 --- a/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/outputs.yaml +++ b/crd-catalog/kube-logging/logging-operator/logging.banzaicloud.io/v1beta1/outputs.yaml @@ -6587,162 +6587,6 @@ spec: tag_property_name: type: "string" type: "object" - sumologic: - properties: - add_timestamp: - type: "boolean" - buffer: - properties: - chunk_full_threshold: - type: "string" - chunk_limit_records: - type: "integer" - chunk_limit_size: - type: "string" - compress: - type: "string" - delayed_commit_timeout: - type: "string" - disable_chunk_backup: - type: "boolean" - disabled: - type: "boolean" - flush_at_shutdown: - type: "boolean" - flush_interval: - type: "string" - flush_mode: - type: "string" - flush_thread_burst_interval: - type: "string" - flush_thread_count: - type: "integer" - flush_thread_interval: - type: "string" - overflow_action: - type: "string" - path: - type: "string" - queue_limit_length: - type: "integer" - queued_chunks_limit_size: - type: "integer" - retry_exponential_backoff_base: - type: "string" - retry_forever: - type: "boolean" - retry_max_interval: - type: "string" - retry_max_times: - type: "integer" - retry_randomize: - type: "boolean" - retry_secondary_threshold: - type: "string" - retry_timeout: - type: "string" - retry_type: - type: "string" - retry_wait: - type: "string" - tags: - type: "string" - timekey: - type: "string" - timekey_use_utc: - type: "boolean" - timekey_wait: - type: "string" - timekey_zone: - type: "string" - total_limit_size: - type: "string" - type: - type: "string" - type: "object" - compress: - type: "boolean" - compress_encoding: - type: "string" - custom_dimensions: - type: "string" - custom_fields: - items: - type: "string" - type: "array" - data_type: - type: "string" - delimiter: - type: "string" - disable_cookies: - type: "boolean" - endpoint: - properties: - mountFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - value: - type: "string" - valueFrom: - properties: - secretKeyRef: - properties: - key: - type: "string" - name: - default: "" - type: "string" - optional: - type: "boolean" - required: - - "key" - type: "object" - x-kubernetes-map-type: "atomic" - type: "object" - type: "object" - log_format: - type: "string" - log_key: - type: "string" - metric_data_format: - type: "string" - open_timeout: - type: "integer" - proxy_uri: - type: "string" - slow_flush_log_threshold: - type: "string" - source_category: - type: "string" - source_host: - type: "string" - source_name: - type: "string" - source_name_key: - type: "string" - sumo_client: - type: "string" - timestamp_key: - type: "string" - verify_ssl: - type: "boolean" - required: - - "endpoint" - - "source_name" - type: "object" syslog: properties: allow_self_signed_cert: diff --git a/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/edgeapplications.yaml b/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/edgeapplications.yaml index ae1d18389..1cbac3ab8 100644 --- a/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/edgeapplications.yaml +++ b/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/edgeapplications.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "edgeapplications.apps.kubeedge.io" spec: group: "apps.kubeedge.io" @@ -21,10 +21,10 @@ spec: description: "EdgeApplication is the Schema for the edgeapplications API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -37,7 +37,7 @@ spec: targetNodeGroups: description: "TargetNodeGroups represents the target node groups of workload to be deployed." items: - description: "TargetNodeGroup represents the target node group of workload to be deployed, including override rules to apply for this node group." + description: "TargetNodeGroup represents the target node group of workload to be deployed, including\noverride rules to apply for this node group." properties: name: description: "Name represents the name of target node group" @@ -60,7 +60,7 @@ spec: - "remove" type: "string" value: - description: "Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same." + description: "Value to be applied to command/args.\nItems in Value which will be appended after command/args when Operator is 'add'.\nItems in Value which match in command/args will be deleted when Operator is 'remove'.\nIf Value is empty, then the command/args will remain the same." items: type: "string" type: "array" @@ -84,7 +84,7 @@ spec: - "remove" type: "string" value: - description: "Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is 'add'. Items in Value which match in command/args will be deleted when Operator is 'remove'. If Value is empty, then the command/args will remain the same." + description: "Value to be applied to command/args.\nItems in Value which will be appended after command/args when Operator is 'add'.\nItems in Value which match in command/args will be deleted when Operator is 'remove'.\nIf Value is empty, then the command/args will remain the same." items: type: "string" type: "array" @@ -109,7 +109,7 @@ spec: - "replace" type: "string" value: - description: "Value to be applied to env. Must not be empty when operator is 'add' or 'replace'. When the operator is 'remove', the matched value in env will be deleted and only the name of the value will be matched. If Value is empty, then the env will remain the same." + description: "Value to be applied to env.\nMust not be empty when operator is 'add' or 'replace'.\nWhen the operator is 'remove', the matched value in env will be deleted\nand only the name of the value will be matched.\nIf Value is empty, then the env will remain the same." items: description: "EnvVar represents an environment variable present in a Container." properties: @@ -117,7 +117,7 @@ spec: description: "Name of the environment variable. Must be a C_IDENTIFIER." type: "string" value: - description: "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\"." + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." type: "string" valueFrom: description: "Source for the environment variable's value. Cannot be used if value is not empty." @@ -129,7 +129,7 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -137,8 +137,9 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." properties: apiVersion: description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." @@ -149,8 +150,9 @@ spec: required: - "fieldPath" type: "object" + x-kubernetes-map-type: "atomic" resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." properties: containerName: description: "Container name: required for volumes, optional for env vars" @@ -168,6 +170,7 @@ spec: required: - "resource" type: "object" + x-kubernetes-map-type: "atomic" secretKeyRef: description: "Selects a key of a secret in the pod's namespace" properties: @@ -175,7 +178,7 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -183,6 +186,7 @@ spec: required: - "key" type: "object" + x-kubernetes-map-type: "atomic" type: "object" required: - "name" @@ -199,7 +203,7 @@ spec: description: "ImageOverrider represents the rules dedicated to handling image overrides." properties: component: - description: "Component is part of image name. Basically we presume an image can be made of '[registry/]repository[:tag]'. The registry could be: - k8s.gcr.io - fictional.registry.example:10443 The repository could be: - kube-apiserver - fictional/nginx The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c" + description: "Component is part of image name.\nBasically we presume an image can be made of '[registry/]repository[:tag]'.\nThe registry could be:\n- k8s.gcr.io\n- fictional.registry.example:10443\nThe repository could be:\n- kube-apiserver\n- fictional/nginx\nThe tag cloud be:\n- latest\n- v1.19.1\n- @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c" enum: - "Registry" - "Repository" @@ -213,7 +217,7 @@ spec: - "replace" type: "string" predicate: - description: "Predicate filters images before applying the rule. \n Defaults to nil, in that case, the system will automatically detect image fields if the resource type is Pod, ReplicaSet, Deployment or StatefulSet by following rule: - Pod: /spec/containers//image - ReplicaSet: /spec/template/spec/containers//image - Deployment: /spec/template/spec/containers//image - StatefulSet: /spec/template/spec/containers//image In addition, all images will be processed if the resource object has more than one containers. \n If not nil, only images matches the filters will be processed." + description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment or StatefulSet by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one containers.\n\n\nIf not nil, only images matches the filters will be processed." properties: path: description: "Path indicates the path of target field" @@ -222,7 +226,7 @@ spec: - "path" type: "object" value: - description: "Value to be applied to image. Must not be empty when operator is 'add' or 'replace'. Defaults to empty and ignored when operator is 'remove'." + description: "Value to be applied to image.\nMust not be empty when operator is 'add' or 'replace'.\nDefaults to empty and ignored when operator is 'remove'." type: "string" required: - "component" @@ -241,15 +245,15 @@ spec: description: "The name of container" type: "string" value: - description: "Value to be applied to resources. Must not be empty" + description: "Value to be applied to resources.\nMust not be empty" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: - description: "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container." + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" required: - "name" @@ -265,7 +269,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" requests: additionalProperties: @@ -274,7 +278,7 @@ spec: - type: "string" pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" type: "object" type: "object" required: @@ -286,9 +290,291 @@ spec: - "name" type: "object" type: "array" + targetNodeLabels: + description: "TargetNodeLabels represents the target nodes with specified labels of workload to be deployed" + items: + description: "TargetNodeLabels represents the target nodes with specified labels of workload to be deployed, including\noverride rules to apply for the node." + properties: + labelSelector: + description: "LabelSelector represents the label selectors used to match nodes for workload deployment.\nIt defines the criteria for selecting the target nodes based on their labels." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + required: + - "key" + - "operator" + type: "object" + type: "array" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + overriders: + description: "Overriders represents the override rules that would apply to the workload for the nodes\nselected by the label selector." + properties: + argsOverriders: + description: "ArgsOverriders represents the rules dedicated to handling container args" + items: + description: "CommandArgsOverrider represents the rules dedicated to handling command/args overrides." + properties: + containerName: + description: "The name of container" + type: "string" + operator: + description: "Operator represents the operator which will apply on the command/args." + enum: + - "add" + - "remove" + type: "string" + value: + description: "Value to be applied to command/args.\nItems in Value which will be appended after command/args when Operator is 'add'.\nItems in Value which match in command/args will be deleted when Operator is 'remove'.\nIf Value is empty, then the command/args will remain the same." + items: + type: "string" + type: "array" + required: + - "containerName" + - "operator" + type: "object" + type: "array" + commandOverriders: + description: "CommandOverriders represents the rules dedicated to handling container command" + items: + description: "CommandArgsOverrider represents the rules dedicated to handling command/args overrides." + properties: + containerName: + description: "The name of container" + type: "string" + operator: + description: "Operator represents the operator which will apply on the command/args." + enum: + - "add" + - "remove" + type: "string" + value: + description: "Value to be applied to command/args.\nItems in Value which will be appended after command/args when Operator is 'add'.\nItems in Value which match in command/args will be deleted when Operator is 'remove'.\nIf Value is empty, then the command/args will remain the same." + items: + type: "string" + type: "array" + required: + - "containerName" + - "operator" + type: "object" + type: "array" + envOverriders: + description: "EnvOverriders will override the env field of the container" + items: + description: "EnvOverrider represents the rules dedicated to handling env overrides." + properties: + containerName: + description: "The name of container" + type: "string" + operator: + description: "Operator represents the operator which will apply on the env." + enum: + - "add" + - "remove" + - "replace" + type: "string" + value: + description: "Value to be applied to env.\nMust not be empty when operator is 'add' or 'replace'.\nWhen the operator is 'remove', the matched value in env will be deleted\nand only the name of the value will be matched.\nIf Value is empty, then the env will remain the same." + items: + description: "EnvVar represents an environment variable present in a Container." + properties: + name: + description: "Name of the environment variable. Must be a C_IDENTIFIER." + type: "string" + value: + description: "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"." + type: "string" + valueFrom: + description: "Source for the environment variable's value. Cannot be used if value is not empty." + properties: + configMapKeyRef: + description: "Selects a key of a ConfigMap." + properties: + key: + description: "The key to select." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the ConfigMap or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + fieldRef: + description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." + properties: + apiVersion: + description: "Version of the schema the FieldPath is written in terms of, defaults to \"v1\"." + type: "string" + fieldPath: + description: "Path of the field to select in the specified API version." + type: "string" + required: + - "fieldPath" + type: "object" + x-kubernetes-map-type: "atomic" + resourceFieldRef: + description: "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: "string" + divisor: + anyOf: + - type: "integer" + - type: "string" + description: "Specifies the output format of the exposed resources, defaults to \"1\"" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: "string" + required: + - "resource" + type: "object" + x-kubernetes-map-type: "atomic" + secretKeyRef: + description: "Selects a key of a secret in the pod's namespace" + properties: + key: + description: "The key of the secret to select from. Must be a valid secret key." + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + type: "string" + optional: + description: "Specify whether the Secret or its key must be defined" + type: "boolean" + required: + - "key" + type: "object" + x-kubernetes-map-type: "atomic" + type: "object" + required: + - "name" + type: "object" + type: "array" + required: + - "containerName" + - "operator" + type: "object" + type: "array" + imageOverriders: + description: "ImageOverriders represents the rules dedicated to handling image overrides." + items: + description: "ImageOverrider represents the rules dedicated to handling image overrides." + properties: + component: + description: "Component is part of image name.\nBasically we presume an image can be made of '[registry/]repository[:tag]'.\nThe registry could be:\n- k8s.gcr.io\n- fictional.registry.example:10443\nThe repository could be:\n- kube-apiserver\n- fictional/nginx\nThe tag cloud be:\n- latest\n- v1.19.1\n- @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c" + enum: + - "Registry" + - "Repository" + - "Tag" + type: "string" + operator: + description: "Operator represents the operator which will apply on the image." + enum: + - "add" + - "remove" + - "replace" + type: "string" + predicate: + description: "Predicate filters images before applying the rule.\n\n\nDefaults to nil, in that case, the system will automatically detect image fields if the resource type is\nPod, ReplicaSet, Deployment or StatefulSet by following rule:\n - Pod: /spec/containers//image\n - ReplicaSet: /spec/template/spec/containers//image\n - Deployment: /spec/template/spec/containers//image\n - StatefulSet: /spec/template/spec/containers//image\nIn addition, all images will be processed if the resource object has more than one containers.\n\n\nIf not nil, only images matches the filters will be processed." + properties: + path: + description: "Path indicates the path of target field" + type: "string" + required: + - "path" + type: "object" + value: + description: "Value to be applied to image.\nMust not be empty when operator is 'add' or 'replace'.\nDefaults to empty and ignored when operator is 'remove'." + type: "string" + required: + - "component" + - "operator" + type: "object" + type: "array" + replicas: + description: "Replicas will override the replicas field of deployment" + type: "integer" + resourcesOverriders: + description: "ResourcesOverriders will override the resources field of the container" + items: + description: "ResourcesOverrider represents the rules dedicated to handling resources overrides." + properties: + containerName: + description: "The name of container" + type: "string" + value: + description: "Value to be applied to resources.\nMust not be empty" + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + required: + - "containerName" + type: "object" + type: "array" + type: "object" + type: "object" + type: "array" type: "object" workloadTemplate: - description: "WorkloadTemplate contains original templates of resources to be deployed as an EdgeApplication." + description: "WorkloadTemplate contains original templates of resources to be deployed\nas an EdgeApplication." properties: manifests: description: "Manifests represent a list of Kubernetes resources to be deployed on the managed node groups." @@ -310,7 +596,7 @@ spec: description: "ManifestStatus contains running status of a specific manifest in spec." properties: conditions: - description: "Conditions contain the different condition statuses for this manifest. Valid condition types are: 1. Processing: this workload is under processing and the current state of manifest does not match the desired. 2. Available: the current status of this workload matches the desired." + description: "Conditions contain the different condition statuses for this manifest.\nValid condition types are:\n1. Processing: this workload is under processing and the current state of manifest does not match the desired.\n2. Available: the current status of this workload matches the desired." enum: - "Processing" - "Available" @@ -331,7 +617,7 @@ spec: description: "Namespace is the namespace of the resource" type: "string" ordinal: - description: "Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even though manifest cannot be parsed successfully." + description: "Ordinal represents an index in manifests list, so the condition can still be linked\nto a manifest even though manifest cannot be parsed successfully." minimum: 0.0 type: "integer" resource: @@ -353,9 +639,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/nodegroups.yaml b/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/nodegroups.yaml index e3491154d..b87c75526 100644 --- a/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/nodegroups.yaml +++ b/crd-catalog/kubeedge/kubeedge/apps.kubeedge.io/v1alpha1/nodegroups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "nodegroups.apps.kubeedge.io" spec: group: "apps.kubeedge.io" @@ -21,10 +21,10 @@ spec: description: "NodeGroup is the Schema for the nodegroups API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -74,9 +74,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devicemodels.yaml b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devicemodels.yaml index ef5445948..6bcd408c8 100644 --- a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devicemodels.yaml +++ b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devicemodels.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "devicemodels.devices.kubeedge.io" spec: group: "devices.kubeedge.io" @@ -19,15 +19,15 @@ spec: description: "DeviceModel is the Schema for the device model API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "DeviceModelSpec defines the model / template for a device.It is a blueprint which describes the device capabilities and access mechanism via property visitors." + description: "DeviceModelSpec defines the model / template for a device.It is a blueprint which describes the device\ncapabilities and access mechanism via property visitors." properties: properties: description: "Required: List of device properties." @@ -141,9 +141,3 @@ spec: type: "object" served: true storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devices.yaml b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devices.yaml index b9da0d8bd..079deba48 100644 --- a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devices.yaml +++ b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1alpha2/devices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "devices.devices.kubeedge.io" spec: group: "devices.kubeedge.io" @@ -19,10 +19,10 @@ spec: description: "Device is the Schema for the devices API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -30,7 +30,7 @@ spec: description: "DeviceSpec represents a single device instance. It is an instantation of a device model." properties: data: - description: "Data section describe a list of time-series properties which should be processed on edge node." + description: "Data section describe a list of time-series properties which should be processed\non edge node." properties: dataProperties: description: "Required: A list of data properties, which are not required to be processed by edgecore" @@ -43,42 +43,43 @@ spec: description: "Additional metadata like timestamp when the value was reported etc." type: "object" propertyName: - description: "Required: The property name for which should be processed by external apps. This property should be present in the device model." + description: "Required: The property name for which should be processed by external apps.\nThis property should be present in the device model." type: "string" type: "object" type: "array" dataTopic: - description: "Topic used by mapper, all data collected from dataProperties should be published to this topic, the default value is $ke/events/device/+/data/update" + description: "Topic used by mapper, all data collected from dataProperties\nshould be published to this topic,\nthe default value is $ke/events/device/+/data/update" type: "string" type: "object" deviceModelRef: - description: "Required: DeviceModelRef is reference to the device model used as a template to create the device instance." + description: "Required: DeviceModelRef is reference to the device model used as a template\nto create the device instance." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" + x-kubernetes-map-type: "atomic" nodeSelector: - description: "NodeSelector indicates the binding preferences between devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details" + description: "NodeSelector indicates the binding preferences between devices and nodes.\nRefer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details" properties: nodeSelectorTerms: description: "Required. A list of node selector terms. The terms are ORed." items: - description: "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm." + description: "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm." properties: matchExpressions: description: "A list of node selector requirements by node's labels." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -90,16 +91,16 @@ spec: matchFields: description: "A list of node selector requirements by node's fields." items: - description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values." properties: key: description: "The label key that the selector applies to." type: "string" operator: - description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." + description: "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt." type: "string" values: - description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch." + description: "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch." items: type: "string" type: "array" @@ -109,14 +110,16 @@ spec: type: "object" type: "array" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "nodeSelectorTerms" type: "object" + x-kubernetes-map-type: "atomic" propertyVisitors: - description: "List of property visitors which describe how to access the device properties. PropertyVisitors must unique by propertyVisitor.propertyName." + description: "List of property visitors which describe how to access the device properties.\nPropertyVisitors must unique by propertyVisitor.propertyName." items: - description: "DevicePropertyVisitor describes the specifics of accessing a particular device property. Visitors are intended to be consumed by device mappers which connect to devices and collect data / perform actions on the device." + description: "DevicePropertyVisitor describes the specifics of accessing a particular device\nproperty. Visitors are intended to be consumed by device mappers which connect to devices\nand collect data / perform actions on the device." properties: bluetooth: description: "Bluetooth represents a set of additional visitor config fields of bluetooth protocol." @@ -128,7 +131,7 @@ spec: description: "Responsible for converting the data being read from the bluetooth device into a form that is understandable by the platform" properties: endIndex: - description: "Required: Specifies the end index of incoming byte stream to be considered to convert the data the value specified should be inclusive for example if 3 is specified it includes the third index" + description: "Required: Specifies the end index of incoming byte stream to be considered to convert the data\nthe value specified should be inclusive for example if 3 is specified it includes the third index" type: "integer" orderOfOperations: description: "Specifies in what order the operations(which are required to be performed to convert incoming data into understandable form) are performed" @@ -150,14 +153,14 @@ spec: description: "Refers to the number of bits to shift right, if right-shift operation is necessary for conversion" type: "integer" startIndex: - description: "Required: Specifies the start index of the incoming byte stream to be considered to convert the data. For example: start-index:2, end-index:3 concatenates the value present at second and third index of the incoming byte stream. If we want to reverse the order we can give it as start-index:3, end-index:2" + description: "Required: Specifies the start index of the incoming byte stream to be considered to convert the data.\nFor example: start-index:2, end-index:3 concatenates the value present at second and third index of the incoming byte stream. If we want to reverse the order we can give it as start-index:3, end-index:2" type: "integer" type: "object" dataWrite: additionalProperties: format: "byte" type: "string" - description: "Responsible for converting the data coming from the platform into a form that is understood by the bluetooth device For example: \"ON\":[1], \"OFF\":[0]" + description: "Responsible for converting the data coming from the platform into a form that is understood by the bluetooth device\nFor example: \"ON\":[1], \"OFF\":[0]" type: "object" type: "object" collectCycle: @@ -183,10 +186,10 @@ spec: description: "Modbus represents a set of additional visitor config fields of modbus protocol." properties: isRegisterSwap: - description: "Indicates whether the high and low register swapped. Defaults to false." + description: "Indicates whether the high and low register swapped.\nDefaults to false." type: "boolean" isSwap: - description: "Indicates whether the high and low byte swapped. Defaults to false." + description: "Indicates whether the high and low byte swapped.\nDefaults to false." type: "boolean" limit: description: "Required: Limit number of registers to read/write." @@ -205,7 +208,7 @@ spec: - "HoldingRegister" type: "string" scale: - description: "The scale to convert raw property data into final units. Defaults to 1.0" + description: "The scale to convert raw property data into final units.\nDefaults to 1.0" type: "number" type: "object" opcua: @@ -219,7 +222,7 @@ spec: type: "string" type: "object" propertyName: - description: "Required: The device property name to be accessed. This should refer to one of the device properties defined in the device model." + description: "Required: The device property name to be accessed. This should refer to one of the\ndevice properties defined in the device model." type: "string" reportCycle: description: "Define how frequent mapper will report the value." @@ -339,7 +342,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true protocolName: - description: "Unique protocol name Required." + description: "Unique protocol name\nRequired." type: "string" type: "object" modbus: @@ -385,9 +388,9 @@ spec: description: "DeviceStatus reports the device state and the desired/reported values of twin attributes." properties: twins: - description: "A list of device twins containing desired/reported desired/reported values of twin properties. Optional: A passive device won't have twin properties and this list could be empty." + description: "A list of device twins containing desired/reported desired/reported values of twin properties.\nOptional: A passive device won't have twin properties and this list could be empty." items: - description: "Twin provides a logical representation of control properties (writable properties in the device model). The properties can have a Desired state and a Reported state. The cloud configures the `Desired`state of a device property and this configuration update is pushed to the edge node. The mapper sends a command to the device to change this property value as per the desired state . It receives the `Reported` state of the property once the previous operation is complete and sends the reported state to the cloud. Offline device interaction in the edge is possible via twin properties for control/command operations." + description: "Twin provides a logical representation of control properties (writable properties in the\ndevice model). The properties can have a Desired state and a Reported state. The cloud configures\nthe `Desired`state of a device property and this configuration update is pushed to the edge node.\nThe mapper sends a command to the device to change this property value as per the desired state .\nIt receives the `Reported` state of the property once the previous operation is complete and sends\nthe reported state to the cloud. Offline device interaction in the edge is possible via twin\nproperties for control/command operations." properties: desired: description: "Required: the desired property value." @@ -404,7 +407,7 @@ spec: - "value" type: "object" propertyName: - description: "Required: The property name for which the desired/reported values are specified. This property should be present in the device model." + description: "Required: The property name for which the desired/reported values are specified.\nThis property should be present in the device model." type: "string" reported: description: "Required: the reported property value." @@ -426,9 +429,3 @@ spec: type: "object" served: true storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devicemodels.yaml b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devicemodels.yaml index 320826c84..8a84a4649 100644 --- a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devicemodels.yaml +++ b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devicemodels.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "devicemodels.devices.kubeedge.io" spec: group: "devices.kubeedge.io" @@ -19,15 +19,15 @@ spec: description: "DeviceModel is the Schema for the device model API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "DeviceModelSpec defines the model for a device.It is a blueprint which describes the device capabilities and access mechanism via property visitors." + description: "DeviceModelSpec defines the model for a device.It is a blueprint which describes the device\ncapabilities and access mechanism via property visitors." properties: properties: description: "Required: List of device properties." @@ -48,7 +48,7 @@ spec: minimum: type: "string" name: - description: "Required: The device property name. Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo" + description: "Required: The device property name.\nNote: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo" type: "string" type: description: "Required: Type of device property, ENUM: INT,FLOAT,DOUBLE,STRING,BOOLEAN,BYTES,STREAM" @@ -73,9 +73,3 @@ spec: type: "object" served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devices.yaml b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devices.yaml index 903f98227..4ea43f0f4 100644 --- a/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devices.yaml +++ b/crd-catalog/kubeedge/kubeedge/devices.kubeedge.io/v1beta1/devices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "devices.devices.kubeedge.io" spec: group: "devices.kubeedge.io" @@ -19,10 +19,10 @@ spec: description: "Device is the Schema for the devices API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -30,14 +30,15 @@ spec: description: "DeviceSpec represents a single device instance." properties: deviceModelRef: - description: "Required: DeviceModelRef is reference to the device model used as a template to create the device instance." + description: "Required: DeviceModelRef is reference to the device model used as a template\nto create the device instance." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" + x-kubernetes-map-type: "atomic" methods: - description: "List of methods of device. methods list item must be unique by method.Name." + description: "List of methods of device.\nmethods list item must be unique by method.Name." items: description: "DeviceMethod describes the specifics all the methods of the device." properties: @@ -48,17 +49,17 @@ spec: description: "Required: The device method name to be accessed. It must be unique." type: "string" propertyNames: - description: "PropertyNames are list of device properties that device methods can control. Required: A device method can control multiple device properties." + description: "PropertyNames are list of device properties that device methods can control.\nRequired: A device method can control multiple device properties." items: type: "string" type: "array" type: "object" type: "array" nodeName: - description: "NodeName is a request to schedule this device onto a specific node. If it is non-empty, the scheduler simply schedules this device onto that node, assuming that it fits resource requirements." + description: "NodeName is a request to schedule this device onto a specific node. If it is non-empty,\nthe scheduler simply schedules this device onto that node, assuming that it fits\nresource requirements." type: "string" properties: - description: "List of properties which describe the device properties. properties list item must be unique by properties.Name." + description: "List of properties which describe the device properties.\nproperties list item must be unique by properties.Name." items: description: "DeviceProperty describes the specifics all the properties of the device." properties: @@ -81,13 +82,13 @@ spec: - "value" type: "object" name: - description: "Required: The device property name to be accessed. It must be unique. Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo" + description: "Required: The device property name to be accessed. It must be unique.\nNote: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo" type: "string" pushMethod: - description: "PushMethod represents the protocol used to push data, please ensure that the mapper can access the destination address." + description: "PushMethod represents the protocol used to push data,\nplease ensure that the mapper can access the destination address." properties: dbMethod: - description: "DBMethod represents the method used to push data to database, please ensure that the mapper can access the destination address." + description: "DBMethod represents the method used to push data to database,\nplease ensure that the mapper can access the destination address." properties: TDEngine: properties: @@ -216,7 +217,7 @@ spec: description: "whether be reported to the cloud" type: "boolean" visitors: - description: "Visitors are intended to be consumed by device mappers which connect to devices and collect data / perform actions on the device. Required: Protocol relevant config details about the how to access the device property." + description: "Visitors are intended to be consumed by device mappers which connect to devices\nand collect data / perform actions on the device.\nRequired: Protocol relevant config details about the how to access the device property." properties: configData: description: "Required: The configData of customized protocol" @@ -236,7 +237,7 @@ spec: type: "object" x-kubernetes-preserve-unknown-fields: true protocolName: - description: "Unique protocol name Required." + description: "Unique protocol name\nRequired." type: "string" type: "object" type: "object" @@ -257,12 +258,12 @@ spec: description: "Optional: The state of the device." type: "string" twins: - description: "A list of device twins containing desired/reported desired/reported values of twin properties. Optional: A passive device won't have twin properties and this list could be empty." + description: "A list of device twins containing desired/reported desired/reported values of twin properties.\nOptional: A passive device won't have twin properties and this list could be empty." items: - description: "Twin provides a logical representation of control properties (writable properties in the device model). The properties can have a Desired state and a Reported state. The cloud configures the `Desired`state of a device property and this configuration update is pushed to the edge node. The mapper sends a command to the device to change this property value as per the desired state . It receives the `Reported` state of the property once the previous operation is complete and sends the reported state to the cloud. Offline device interaction in the edge is possible via twin properties for control/command operations." + description: "Twin provides a logical representation of control properties (writable properties in the\ndevice model). The properties can have a Desired state and a Reported state. The cloud configures\nthe `Desired`state of a device property and this configuration update is pushed to the edge node.\nThe mapper sends a command to the device to change this property value as per the desired state .\nIt receives the `Reported` state of the property once the previous operation is complete and sends\nthe reported state to the cloud. Offline device interaction in the edge is possible via twin\nproperties for control/command operations." properties: observedDesired: - description: "The meaning of here is to indicate desired value of `deviceProperty.Desired` that the mapper has received in current cycle. Useful in cases that people want to check whether the mapper is working appropriately and its internal status is up-to-date. This value should be only updated by devicecontroller upstream." + description: "The meaning of here is to indicate desired value of `deviceProperty.Desired`\nthat the mapper has received in current cycle.\nUseful in cases that people want to check whether the mapper is working\nappropriately and its internal status is up-to-date.\nThis value should be only updated by devicecontroller upstream." properties: metadata: additionalProperties: @@ -276,7 +277,7 @@ spec: - "value" type: "object" propertyName: - description: "Required: The property name for which the desired/reported values are specified. This property should be present in the device model." + description: "Required: The property name for which the desired/reported values are specified.\nThis property should be present in the device model." type: "string" reported: description: "Required: the reported property value." @@ -298,9 +299,3 @@ spec: type: "object" served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/operations.kubeedge.io/v1alpha1/nodeupgradejobs.yaml b/crd-catalog/kubeedge/kubeedge/operations.kubeedge.io/v1alpha1/nodeupgradejobs.yaml index 92f86ce7a..303b404a5 100644 --- a/crd-catalog/kubeedge/kubeedge/operations.kubeedge.io/v1alpha1/nodeupgradejobs.yaml +++ b/crd-catalog/kubeedge/kubeedge/operations.kubeedge.io/v1alpha1/nodeupgradejobs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "nodeupgradejobs.operations.kubeedge.io" spec: group: "operations.kubeedge.io" @@ -19,10 +19,10 @@ spec: description: "NodeUpgradeJob is used to upgrade edge node from cloud side." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -30,22 +30,22 @@ spec: description: "Specification of the desired behavior of NodeUpgradeJob." properties: checkItems: - description: "CheckItems specifies the items need to be checked before the task is executed. The default CheckItems value is nil." + description: "CheckItems specifies the items need to be checked before the task is executed.\nThe default CheckItems value is nil." items: type: "string" type: "array" concurrency: - description: "Concurrency specifies the max number of edge nodes that can be upgraded at the same time. The default Concurrency value is 1." + description: "Concurrency specifies the max number of edge nodes that can be upgraded at the same time.\nThe default Concurrency value is 1." format: "int32" type: "integer" failureTolerate: - description: "FailureTolerate specifies the task tolerance failure ratio. The default FailureTolerate value is 0.1." + description: "FailureTolerate specifies the task tolerance failure ratio.\nThe default FailureTolerate value is 0.1." type: "string" image: - description: "Image specifies a container image name, the image contains: keadm and edgecore. keadm is used as upgradetool, to install the new version of edgecore. The image name consists of registry hostname and repository name, if it includes the tag or digest, the tag or digest will be overwritten by Version field above. If the registry hostname is empty, docker.io will be used as default. The default image name is: kubeedge/installation-package." + description: "Image specifies a container image name, the image contains: keadm and edgecore.\nkeadm is used as upgradetool, to install the new version of edgecore.\nThe image name consists of registry hostname and repository name,\nif it includes the tag or digest, the tag or digest will be overwritten by Version field above.\nIf the registry hostname is empty, docker.io will be used as default.\nThe default image name is: kubeedge/installation-package." type: "string" imageDigestGatter: - description: "ImageDigestGatter define registry v2 interface access configuration. As a transition, it is not required at first, and the image digest is checked when this field is set." + description: "ImageDigestGatter define registry v2 interface access configuration.\nAs a transition, it is not required at first, and the image digest is checked when this field is set." properties: registryAPI: description: "RegistryAPI define registry v2 interface access configuration" @@ -63,21 +63,21 @@ spec: type: "string" type: "object" labelSelector: - description: "LabelSelector is a filter to select member clusters by labels. It must match a node's labels for the NodeUpgradeJob to be operated on that node. Please note that sets of NodeNames and LabelSelector are ORed. Users must set one and can only set one." + description: "LabelSelector is a filter to select member clusters by labels.\nIt must match a node's labels for the NodeUpgradeJob to be operated on that node.\nPlease note that sets of NodeNames and LabelSelector are ORed.\nUsers must set one and can only set one." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." items: - description: "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values." + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." properties: key: description: "key is the label key that the selector applies to." type: "string" operator: - description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist." + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." type: "string" values: - description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch." + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." items: type: "string" type: "array" @@ -89,19 +89,20 @@ spec: matchLabels: additionalProperties: type: "string" - description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." type: "object" type: "object" + x-kubernetes-map-type: "atomic" nodeNames: - description: "NodeNames is a request to select some specific nodes. If it is non-empty, the upgrade job simply select these edge nodes to do upgrade operation. Please note that sets of NodeNames and LabelSelector are ORed. Users must set one and can only set one." + description: "NodeNames is a request to select some specific nodes. If it is non-empty,\nthe upgrade job simply select these edge nodes to do upgrade operation.\nPlease note that sets of NodeNames and LabelSelector are ORed.\nUsers must set one and can only set one." items: type: "string" type: "array" requireConfirmation: - description: "RequireConfirmation specifies whether you need to confirm the upgrade. The default RequireConfirmation value is false." + description: "RequireConfirmation specifies whether you need to confirm the upgrade.\nThe default RequireConfirmation value is false." type: "boolean" timeoutSeconds: - description: "TimeoutSeconds limits the duration of the node upgrade job. Default to 300. If set to 0, we'll use the default value 300." + description: "TimeoutSeconds limits the duration of the node upgrade job.\nDefault to 300.\nIf set to 0, we'll use the default value 300." format: "int32" type: "integer" version: @@ -111,13 +112,13 @@ spec: description: "Most recently observed status of the NodeUpgradeJob." properties: action: - description: "Action represents for the action of the ImagePrePullJob. There are two possible action values: Success, Failure." + description: "Action represents for the action of the ImagePrePullJob.\nThere are two possible action values: Success, Failure." type: "string" currentVersion: description: "CurrentVersion represents for the current status of the EdgeCore." type: "string" event: - description: "Event represents for the event of the ImagePrePullJob. There are six possible event values: Init, Check, BackUp, Upgrade, TimeOut, Rollback." + description: "Event represents for the event of the ImagePrePullJob.\nThere are six possible event values: Init, Check, BackUp, Upgrade, TimeOut, Rollback." type: "string" historicVersion: description: "HistoricVersion represents for the historic status of the EdgeCore." @@ -128,10 +129,10 @@ spec: description: "TaskStatus stores the status of Upgrade for each edge node." properties: action: - description: "Action represents for the action of the ImagePrePullJob. There are three possible action values: Success, Failure, TimeOut." + description: "Action represents for the action of the ImagePrePullJob.\nThere are three possible action values: Success, Failure, TimeOut." type: "string" event: - description: "Event represents for the event of the ImagePrePullJob. There are three possible event values: Init, Check, Pull." + description: "Event represents for the event of the ImagePrePullJob.\nThere are three possible event values: Init, Check, Pull." type: "string" nodeName: description: "NodeName is the name of edge node." @@ -140,7 +141,7 @@ spec: description: "Reason represents for the reason of the ImagePrePullJob." type: "string" state: - description: "State represents for the upgrade state phase of the edge node. There are several possible state values: \"\", Upgrading, BackingUp, RollingBack and Checking." + description: "State represents for the upgrade state phase of the edge node.\nThere are several possible state values: \"\", Upgrading, BackingUp, RollingBack and Checking." type: "string" time: description: "Time represents for the running time of the ImagePrePullJob." @@ -151,7 +152,7 @@ spec: description: "Reason represents for the reason of the ImagePrePullJob." type: "string" state: - description: "State represents for the state phase of the NodeUpgradeJob. There are several possible state values: \"\", Upgrading, BackingUp, RollingBack and Checking." + description: "State represents for the state phase of the NodeUpgradeJob.\nThere are several possible state values: \"\", Upgrading, BackingUp, RollingBack and Checking." type: "string" time: description: "Time represents for the running time of the ImagePrePullJob." @@ -162,9 +163,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/policy.kubeedge.io/v1alpha1/serviceaccountaccesses.yaml b/crd-catalog/kubeedge/kubeedge/policy.kubeedge.io/v1alpha1/serviceaccountaccesses.yaml index f7cab2976..f63d4535f 100644 --- a/crd-catalog/kubeedge/kubeedge/policy.kubeedge.io/v1alpha1/serviceaccountaccesses.yaml +++ b/crd-catalog/kubeedge/kubeedge/policy.kubeedge.io/v1alpha1/serviceaccountaccesses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "serviceaccountaccesses.policy.kubeedge.io" spec: group: "policy.kubeedge.io" @@ -21,10 +21,10 @@ spec: description: "ServiceAccountAccess is the Schema for the ServiceAccountAccess API" properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -40,10 +40,10 @@ spec: description: "ClusterRoleBinding represents rbac ClusterRoleBinding." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: description: "Standard object's metadata." @@ -66,7 +66,7 @@ spec: type: "string" type: "object" roleRef: - description: "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." + description: "RoleRef can only reference a ClusterRole in the global namespace.\nIf the RoleRef cannot be resolved, the Authorizer must return an error.\nThis field is immutable." properties: apiGroup: description: "APIGroup is the group for the resource being referenced" @@ -82,27 +82,29 @@ spec: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" subjects: description: "Subjects holds references to the objects the role applies to." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names." + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." properties: apiGroup: - description: "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." type: "string" kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" name: description: "Name of the object being referenced." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error." + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." type: "string" required: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "roleRef" @@ -110,15 +112,15 @@ spec: rules: description: "Rules contains role rules." items: - description: "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to." + description: "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to." properties: apiGroups: - description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups." + description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups." items: type: "string" type: "array" nonResourceURLs: - description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both." + description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both." items: type: "string" type: "array" @@ -152,10 +154,10 @@ spec: description: "RoleBinding represents rbac rolebinding." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: description: "Standard object's metadata." @@ -178,7 +180,7 @@ spec: type: "string" type: "object" roleRef: - description: "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable." + description: "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.\nIf the RoleRef cannot be resolved, the Authorizer must return an error.\nThis field is immutable." properties: apiGroup: description: "APIGroup is the group for the resource being referenced" @@ -194,27 +196,29 @@ spec: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" subjects: description: "Subjects holds references to the objects the role applies to." items: - description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names." + description: "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,\nor a value for non-objects such as user and group names." properties: apiGroup: - description: "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects." + description: "APIGroup holds the API group of the referenced subject.\nDefaults to \"\" for ServiceAccount subjects.\nDefaults to \"rbac.authorization.k8s.io\" for User and Group subjects." type: "string" kind: - description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error." + description: "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\".\nIf the Authorizer does not recognized the kind value, the Authorizer should report an error." type: "string" name: description: "Name of the object being referenced." type: "string" namespace: - description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error." + description: "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty\nthe Authorizer should report an error." type: "string" required: - "kind" - "name" type: "object" + x-kubernetes-map-type: "atomic" type: "array" required: - "roleRef" @@ -222,15 +226,15 @@ spec: rules: description: "Rules contains role rules." items: - description: "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to." + description: "PolicyRule holds information that describes a policy rule, but does not contain information\nabout who the rule applies to or which namespace the rule applies to." properties: apiGroups: - description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups." + description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of\nthe enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups." items: type: "string" type: "array" nonResourceURLs: - description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both." + description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path\nSince non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.\nRules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both." items: type: "string" type: "array" @@ -259,26 +263,27 @@ spec: description: "ServiceAccount is one-to-one corresponding relations with the serviceaccountaccess." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" automountServiceAccountToken: - description: "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level." + description: "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted.\nCan be overridden at the pod level." type: "boolean" imagePullSecrets: - description: "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod" + description: "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images\nin pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets\ncan be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.\nMore info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod" items: - description: "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" type: "string" type: "object" + x-kubernetes-map-type: "atomic" type: "array" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: - description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + description: "Standard object's metadata.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" properties: annotations: additionalProperties: @@ -298,32 +303,33 @@ spec: type: "string" type: "object" secrets: - description: "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret" + description: "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use.\nPods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\".\nThis field should not be used to find auto-generated service account token secrets for use outside of pods.\nInstead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created.\nMore info: https://kubernetes.io/docs/concepts/configuration/secret" items: - description: "ObjectReference contains enough information to let you inspect or modify the referred object. --- New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\". Those cannot be well described when embedded. 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple and the version of the actual struct is irrelevant. 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. \n Instead of using this type, create a locally provided and used type that is well-focused on your reference. For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." + description: "ObjectReference contains enough information to let you inspect or modify the referred object.\n---\nNew uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.\n 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.\n 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular\n restrictions like, \"must refer only to types A and B\" or \"UID not honored\" or \"name must be restricted\".\n Those cannot be well described when embedded.\n 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.\n 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity\n during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple\n and the version of the actual struct is irrelevant.\n 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type\n will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.\n\n\nInstead of using this type, create a locally provided and used type that is well-focused on your reference.\nFor example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 ." properties: apiVersion: description: "API version of the referent." type: "string" fieldPath: - description: "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future." + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." type: "string" kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" type: "string" resourceVersion: - description: "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" type: "string" uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" type: "string" type: "object" + x-kubernetes-map-type: "atomic" type: "array" type: "object" serviceAccountUid: @@ -344,9 +350,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/clusterobjectsyncs.yaml b/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/clusterobjectsyncs.yaml index 019672eba..21dbd248f 100644 --- a/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/clusterobjectsyncs.yaml +++ b/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/clusterobjectsyncs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "clusterobjectsyncs.reliablesyncs.kubeedge.io" spec: group: "reliablesyncs.kubeedge.io" @@ -16,13 +16,13 @@ spec: - name: "v1alpha1" schema: openAPIV3Schema: - description: "ClusterObjectSync stores the state of the cluster level, nonNamespaced object that was successfully persisted to the edge node. ClusterObjectSync name is a concatenation of the node name which receiving the object and the object UUID." + description: "ClusterObjectSync stores the state of the cluster level, nonNamespaced object that was successfully persisted to the edge node.\nClusterObjectSync name is a concatenation of the node name which receiving the object and the object UUID." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -30,20 +30,20 @@ spec: description: "ObjectSyncSpec stores the details of objects that persist to the edge." properties: objectAPIVersion: - description: "ObjectAPIVersion is the APIVersion of the object that was successfully persist to the edge node." + description: "ObjectAPIVersion is the APIVersion of the object\nthat was successfully persist to the edge node." type: "string" objectKind: - description: "ObjectType is the kind of the object that was successfully persist to the edge node." + description: "ObjectType is the kind of the object\nthat was successfully persist to the edge node." type: "string" objectName: - description: "ObjectName is the name of the object that was successfully persist to the edge node." + description: "ObjectName is the name of the object\nthat was successfully persist to the edge node." type: "string" type: "object" status: description: "ObjectSyncStatus stores the resourceversion of objects that persist to the edge." properties: objectResourceVersion: - description: "ObjectResourceVersion is the resourceversion of the object that was successfully persist to the edge node." + description: "ObjectResourceVersion is the resourceversion of the object\nthat was successfully persist to the edge node." type: "string" type: "object" type: "object" @@ -51,9 +51,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/objectsyncs.yaml b/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/objectsyncs.yaml index 5a0b8ad77..15edc474b 100644 --- a/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/objectsyncs.yaml +++ b/crd-catalog/kubeedge/kubeedge/reliablesyncs.kubeedge.io/v1alpha1/objectsyncs.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.6.2" + controller-gen.kubebuilder.io/version: "v0.14.0" name: "objectsyncs.reliablesyncs.kubeedge.io" spec: group: "reliablesyncs.kubeedge.io" @@ -16,13 +16,13 @@ spec: - name: "v1alpha1" schema: openAPIV3Schema: - description: "ObjectSync stores the state of the namespaced object that was successfully persisted to the edge node. ObjectSync name is a concatenation of the node name which receiving the object and the object UUID." + description: "ObjectSync stores the state of the namespaced object that was successfully persisted to the edge node.\nObjectSync name is a concatenation of the node name which receiving the object and the object UUID." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" @@ -30,20 +30,20 @@ spec: description: "ObjectSyncSpec stores the details of objects that persist to the edge." properties: objectAPIVersion: - description: "ObjectAPIVersion is the APIVersion of the object that was successfully persist to the edge node." + description: "ObjectAPIVersion is the APIVersion of the object\nthat was successfully persist to the edge node." type: "string" objectKind: - description: "ObjectType is the kind of the object that was successfully persist to the edge node." + description: "ObjectType is the kind of the object\nthat was successfully persist to the edge node." type: "string" objectName: - description: "ObjectName is the name of the object that was successfully persist to the edge node." + description: "ObjectName is the name of the object\nthat was successfully persist to the edge node." type: "string" type: "object" status: description: "ObjectSyncStatus stores the resourceversion of objects that persist to the edge." properties: objectResourceVersion: - description: "ObjectResourceVersion is the resourceversion of the object that was successfully persist to the edge node." + description: "ObjectResourceVersion is the resourceversion of the object\nthat was successfully persist to the edge node." type: "string" type: "object" type: "object" @@ -51,9 +51,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotclasses.yaml b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotclasses.yaml new file mode 100644 index 000000000..f5a677bb4 --- /dev/null +++ b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotclasses.yaml @@ -0,0 +1,64 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814" + controller-gen.kubebuilder.io/version: "v0.15.0" + name: "volumegroupsnapshotclasses.groupsnapshot.storage.k8s.io" +spec: + group: "groupsnapshot.storage.k8s.io" + names: + kind: "VolumeGroupSnapshotClass" + listKind: "VolumeGroupSnapshotClassList" + plural: "volumegroupsnapshotclasses" + shortNames: + - "vgsclass" + - "vgsclasses" + singular: "volumegroupsnapshotclass" + scope: "Cluster" + versions: + - additionalPrinterColumns: + - jsonPath: ".driver" + name: "Driver" + type: "string" + - description: "Determines whether a VolumeGroupSnapshotContent created through the VolumeGroupSnapshotClass should be deleted when its bound VolumeGroupSnapshot is deleted." + jsonPath: ".deletionPolicy" + name: "DeletionPolicy" + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1beta1" + schema: + openAPIV3Schema: + description: "VolumeGroupSnapshotClass specifies parameters that a underlying storage system\nuses when creating a volume group snapshot. A specific VolumeGroupSnapshotClass\nis used by specifying its name in a VolumeGroupSnapshot object.\nVolumeGroupSnapshotClasses are non-namespaced." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + deletionPolicy: + description: "DeletionPolicy determines whether a VolumeGroupSnapshotContent created\nthrough the VolumeGroupSnapshotClass should be deleted when its bound\nVolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nRequired." + enum: + - "Delete" + - "Retain" + type: "string" + driver: + description: "Driver is the name of the storage driver expected to handle this VolumeGroupSnapshotClass.\nRequired." + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + parameters: + additionalProperties: + type: "string" + description: "Parameters is a key-value map with storage driver specific parameters for\ncreating group snapshots.\nThese values are opaque to Kubernetes and are passed directly to the driver." + type: "object" + required: + - "deletionPolicy" + - "driver" + type: "object" + served: true + storage: true + subresources: {} diff --git a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotcontents.yaml b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotcontents.yaml new file mode 100644 index 000000000..690d1bcc5 --- /dev/null +++ b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotcontents.yaml @@ -0,0 +1,195 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/1068" + controller-gen.kubebuilder.io/version: "v0.15.0" + name: "volumegroupsnapshotcontents.groupsnapshot.storage.k8s.io" +spec: + group: "groupsnapshot.storage.k8s.io" + names: + kind: "VolumeGroupSnapshotContent" + listKind: "VolumeGroupSnapshotContentList" + plural: "volumegroupsnapshotcontents" + shortNames: + - "vgsc" + - "vgscs" + singular: "volumegroupsnapshotcontent" + scope: "Cluster" + versions: + - additionalPrinterColumns: + - description: "Indicates if all the individual snapshots in the group are ready to be used to restore a group of volumes." + jsonPath: ".status.readyToUse" + name: "ReadyToUse" + type: "boolean" + - description: "Determines whether this VolumeGroupSnapshotContent and its physical group snapshot on the underlying storage system should be deleted when its bound VolumeGroupSnapshot is deleted." + jsonPath: ".spec.deletionPolicy" + name: "DeletionPolicy" + type: "string" + - description: "Name of the CSI driver used to create the physical group snapshot on the underlying storage system." + jsonPath: ".spec.driver" + name: "Driver" + type: "string" + - description: "Name of the VolumeGroupSnapshotClass from which this group snapshot was (or will be) created." + jsonPath: ".spec.volumeGroupSnapshotClassName" + name: "VolumeGroupSnapshotClass" + type: "string" + - description: "Namespace of the VolumeGroupSnapshot object to which this VolumeGroupSnapshotContent object is bound." + jsonPath: ".spec.volumeGroupSnapshotRef.namespace" + name: "VolumeGroupSnapshotNamespace" + type: "string" + - description: "Name of the VolumeGroupSnapshot object to which this VolumeGroupSnapshotContent object is bound." + jsonPath: ".spec.volumeGroupSnapshotRef.name" + name: "VolumeGroupSnapshot" + type: "string" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1beta1" + schema: + openAPIV3Schema: + description: "VolumeGroupSnapshotContent represents the actual \"on-disk\" group snapshot object\nin the underlying storage system" + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines properties of a VolumeGroupSnapshotContent created by the underlying storage system.\nRequired." + properties: + deletionPolicy: + description: "DeletionPolicy determines whether this VolumeGroupSnapshotContent and the\nphysical group snapshot on the underlying storage system should be deleted\nwhen the bound VolumeGroupSnapshot is deleted.\nSupported values are \"Retain\" and \"Delete\".\n\"Retain\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are kept.\n\"Delete\" means that the VolumeGroupSnapshotContent and its physical group\nsnapshot on underlying storage system are deleted.\nFor dynamically provisioned group snapshots, this field will automatically\nbe filled in by the CSI snapshotter sidecar with the \"DeletionPolicy\" field\ndefined in the corresponding VolumeGroupSnapshotClass.\nFor pre-existing snapshots, users MUST specify this field when creating the\nVolumeGroupSnapshotContent object.\nRequired." + enum: + - "Delete" + - "Retain" + type: "string" + driver: + description: "Driver is the name of the CSI driver used to create the physical group snapshot on\nthe underlying storage system.\nThis MUST be the same as the name returned by the CSI GetPluginName() call for\nthat driver.\nRequired." + type: "string" + source: + description: "Source specifies whether the snapshot is (or should be) dynamically provisioned\nor already exists, and just requires a Kubernetes object representation.\nThis field is immutable after creation.\nRequired." + properties: + groupSnapshotHandles: + description: "GroupSnapshotHandles specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot and a list of CSI \"snapshot_id\" of pre-existing snapshots\non the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable." + properties: + volumeGroupSnapshotHandle: + description: "VolumeGroupSnapshotHandle specifies the CSI \"group_snapshot_id\" of a pre-existing\ngroup snapshot on the underlying storage system for which a Kubernetes object\nrepresentation was (or should be) created.\nThis field is immutable.\nRequired." + type: "string" + volumeSnapshotHandles: + description: "VolumeSnapshotHandles is a list of CSI \"snapshot_id\" of pre-existing\nsnapshots on the underlying storage system for which Kubernetes objects\nrepresentation were (or should be) created.\nThis field is immutable.\nRequired." + items: + type: "string" + type: "array" + required: + - "volumeGroupSnapshotHandle" + - "volumeSnapshotHandles" + type: "object" + x-kubernetes-validations: + - message: "groupSnapshotHandles is immutable" + rule: "self == oldSelf" + volumeHandles: + description: "VolumeHandles is a list of volume handles on the backend to be snapshotted\ntogether. It is specified for dynamic provisioning of the VolumeGroupSnapshot.\nThis field is immutable." + items: + type: "string" + type: "array" + x-kubernetes-validations: + - message: "volumeHandles is immutable" + rule: "self == oldSelf" + type: "object" + x-kubernetes-validations: + - message: "volumeHandles is required once set" + rule: "!has(oldSelf.volumeHandles) || has(self.volumeHandles)" + - message: "groupSnapshotHandles is required once set" + rule: "!has(oldSelf.groupSnapshotHandles) || has(self.groupSnapshotHandles)" + - message: "exactly one of volumeHandles and groupSnapshotHandles must be set" + rule: "(has(self.volumeHandles) && !has(self.groupSnapshotHandles)) || (!has(self.volumeHandles) && has(self.groupSnapshotHandles))" + volumeGroupSnapshotClassName: + description: "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass from\nwhich this group snapshot was (or will be) created.\nNote that after provisioning, the VolumeGroupSnapshotClass may be deleted or\nrecreated with different set of values, and as such, should not be referenced\npost-snapshot creation.\nFor dynamic provisioning, this field must be set.\nThis field may be unset for pre-provisioned snapshots." + type: "string" + volumeGroupSnapshotRef: + description: "VolumeGroupSnapshotRef specifies the VolumeGroupSnapshot object to which this\nVolumeGroupSnapshotContent object is bound.\nVolumeGroupSnapshot.Spec.VolumeGroupSnapshotContentName field must reference to\nthis VolumeGroupSnapshotContent's name for the bidirectional binding to be valid.\nFor a pre-existing VolumeGroupSnapshotContent object, name and namespace of the\nVolumeGroupSnapshot object MUST be provided for binding to happen.\nThis field is immutable after creation.\nRequired." + properties: + apiVersion: + description: "API version of the referent." + type: "string" + fieldPath: + description: "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future." + type: "string" + kind: + description: "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + name: + description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: "string" + namespace: + description: "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: "string" + resourceVersion: + description: "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: "string" + uid: + description: "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: "string" + type: "object" + x-kubernetes-map-type: "atomic" + x-kubernetes-validations: + - message: "both volumeGroupSnapshotRef.name and volumeGroupSnapshotRef.namespace must be set" + rule: "has(self.name) && has(self.__namespace__)" + required: + - "deletionPolicy" + - "driver" + - "source" + - "volumeGroupSnapshotRef" + type: "object" + status: + description: "status represents the current information of a group snapshot." + properties: + creationTime: + description: "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it indicates the creation time is unknown.\nIf not specified, it means the readiness of a group snapshot is unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is the source for the CreationTime field in VolumeGroupSnapshotStatus" + format: "int64" + type: "integer" + error: + description: "Error is the last observed error during group snapshot creation, if any.\nUpon success after retry, this error field will be cleared." + properties: + message: + description: "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation." + type: "string" + time: + description: "time is the timestamp when the error was encountered." + format: "date-time" + type: "string" + type: "object" + readyToUse: + description: "ReadyToUse indicates if all the individual snapshots in the group are ready to be\nused to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true." + type: "boolean" + volumeGroupSnapshotHandle: + description: "VolumeGroupSnapshotHandle is a unique id returned by the CSI driver\nto identify the VolumeGroupSnapshot on the storage system.\nIf a storage system does not provide such an id, the\nCSI driver can choose to return the VolumeGroupSnapshot name." + type: "string" + volumeSnapshotHandlePairList: + description: "VolumeSnapshotHandlePairList is a list of CSI \"volume_id\" and \"snapshot_id\"\npair returned by the CSI driver to identify snapshots and their source volumes\non the storage system." + items: + description: "VolumeSnapshotHandlePair defines a pair of a source volume handle and a snapshot handle" + properties: + snapshotHandle: + description: "SnapshotHandle is a unique id returned by the CSI driver to identify a volume\nsnapshot on the storage system\nRequired." + type: "string" + volumeHandle: + description: "VolumeHandle is a unique id returned by the CSI driver to identify a volume\non the storage system\nRequired." + type: "string" + required: + - "snapshotHandle" + - "volumeHandle" + type: "object" + type: "array" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshots.yaml b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshots.yaml new file mode 100644 index 000000000..96297a7a1 --- /dev/null +++ b/crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshots.yaml @@ -0,0 +1,148 @@ +apiVersion: "apiextensions.k8s.io/v1" +kind: "CustomResourceDefinition" +metadata: + annotations: + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/1068" + controller-gen.kubebuilder.io/version: "v0.15.0" + name: "volumegroupsnapshots.groupsnapshot.storage.k8s.io" +spec: + group: "groupsnapshot.storage.k8s.io" + names: + kind: "VolumeGroupSnapshot" + listKind: "VolumeGroupSnapshotList" + plural: "volumegroupsnapshots" + shortNames: + - "vgs" + singular: "volumegroupsnapshot" + scope: "Namespaced" + versions: + - additionalPrinterColumns: + - description: "Indicates if all the individual snapshots in the group are ready to be used to restore a group of volumes." + jsonPath: ".status.readyToUse" + name: "ReadyToUse" + type: "boolean" + - description: "The name of the VolumeGroupSnapshotClass requested by the VolumeGroupSnapshot." + jsonPath: ".spec.volumeGroupSnapshotClassName" + name: "VolumeGroupSnapshotClass" + type: "string" + - description: "Name of the VolumeGroupSnapshotContent object to which the VolumeGroupSnapshot object intends to bind to. Please note that verification of binding actually requires checking both VolumeGroupSnapshot and VolumeGroupSnapshotContent to ensure both are pointing at each other. Binding MUST be verified prior to usage of this object." + jsonPath: ".status.boundVolumeGroupSnapshotContentName" + name: "VolumeGroupSnapshotContent" + type: "string" + - description: "Timestamp when the point-in-time group snapshot was taken by the underlying storage system." + jsonPath: ".status.creationTime" + name: "CreationTime" + type: "date" + - jsonPath: ".metadata.creationTimestamp" + name: "Age" + type: "date" + name: "v1beta1" + schema: + openAPIV3Schema: + description: "VolumeGroupSnapshot is a user's request for creating either a point-in-time\ngroup snapshot or binding to a pre-existing group snapshot." + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: "string" + kind: + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: "string" + metadata: + type: "object" + spec: + description: "Spec defines the desired characteristics of a group snapshot requested by a user.\nRequired." + properties: + source: + description: "Source specifies where a group snapshot will be created from.\nThis field is immutable after creation.\nRequired." + properties: + selector: + description: "Selector is a label query over persistent volume claims that are to be\ngrouped together for snapshotting.\nThis labelSelector will be used to match the label added to a PVC.\nIf the label is added or removed to a volume after a group snapshot\nis created, the existing group snapshots won't be modified.\nOnce a VolumeGroupSnapshotContent is created and the sidecar starts to process\nit, the volume list will not change with retries." + properties: + matchExpressions: + description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." + items: + description: "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values." + properties: + key: + description: "key is the label key that the selector applies to." + type: "string" + operator: + description: "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist." + type: "string" + values: + description: "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch." + items: + type: "string" + type: "array" + x-kubernetes-list-type: "atomic" + required: + - "key" + - "operator" + type: "object" + type: "array" + x-kubernetes-list-type: "atomic" + matchLabels: + additionalProperties: + type: "string" + description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed." + type: "object" + type: "object" + x-kubernetes-map-type: "atomic" + x-kubernetes-validations: + - message: "selector is immutable" + rule: "self == oldSelf" + volumeGroupSnapshotContentName: + description: "VolumeGroupSnapshotContentName specifies the name of a pre-existing VolumeGroupSnapshotContent\nobject representing an existing volume group snapshot.\nThis field should be set if the volume group snapshot already exists and\nonly needs a representation in Kubernetes.\nThis field is immutable." + type: "string" + x-kubernetes-validations: + - message: "volumeGroupSnapshotContentName is immutable" + rule: "self == oldSelf" + type: "object" + x-kubernetes-validations: + - message: "selector is required once set" + rule: "!has(oldSelf.selector) || has(self.selector)" + - message: "volumeGroupSnapshotContentName is required once set" + rule: "!has(oldSelf.volumeGroupSnapshotContentName) || has(self.volumeGroupSnapshotContentName)" + - message: "exactly one of selector and volumeGroupSnapshotContentName must be set" + rule: "(has(self.selector) && !has(self.volumeGroupSnapshotContentName)) || (!has(self.selector) && has(self.volumeGroupSnapshotContentName))" + volumeGroupSnapshotClassName: + description: "VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass\nrequested by the VolumeGroupSnapshot.\nVolumeGroupSnapshotClassName may be left nil to indicate that the default\nclass will be used.\nEmpty string is not allowed for this field." + type: "string" + x-kubernetes-validations: + - message: "volumeGroupSnapshotClassName must not be the empty string when set" + rule: "size(self) > 0" + required: + - "source" + type: "object" + status: + description: "Status represents the current information of a group snapshot.\nConsumers must verify binding between VolumeGroupSnapshot and\nVolumeGroupSnapshotContent objects is successful (by validating that both\nVolumeGroupSnapshot and VolumeGroupSnapshotContent point to each other) before\nusing this object." + properties: + boundVolumeGroupSnapshotContentName: + description: "BoundVolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent\nobject to which this VolumeGroupSnapshot object intends to bind to.\nIf not specified, it indicates that the VolumeGroupSnapshot object has not\nbeen successfully bound to a VolumeGroupSnapshotContent object yet.\nNOTE: To avoid possible security issues, consumers must verify binding between\nVolumeGroupSnapshot and VolumeGroupSnapshotContent objects is successful\n(by validating that both VolumeGroupSnapshot and VolumeGroupSnapshotContent\npoint at each other) before using this object." + type: "string" + creationTime: + description: "CreationTime is the timestamp when the point-in-time group snapshot is taken\nby the underlying storage system.\nIf not specified, it may indicate that the creation time of the group snapshot\nis unknown.\nThe format of this field is a Unix nanoseconds time encoded as an int64.\nOn Unix, the command date +%s%N returns the current time in nanoseconds\nsince 1970-01-01 00:00:00 UTC.\nThis field is updated based on the CreationTime field in VolumeGroupSnapshotContentStatus" + format: "date-time" + type: "string" + error: + description: "Error is the last observed error during group snapshot creation, if any.\nThis field could be helpful to upper level controllers (i.e., application\ncontroller) to decide whether they should continue on waiting for the group\nsnapshot to be created based on the type of error reported.\nThe snapshot controller will keep retrying when an error occurs during the\ngroup snapshot creation. Upon success, this error field will be cleared." + properties: + message: + description: "message is a string detailing the encountered error during snapshot\ncreation if specified.\nNOTE: message may be logged, and it should not contain sensitive\ninformation." + type: "string" + time: + description: "time is the timestamp when the error was encountered." + format: "date-time" + type: "string" + type: "object" + readyToUse: + description: "ReadyToUse indicates if all the individual snapshots in the group are ready\nto be used to restore a group of volumes.\nReadyToUse becomes true when ReadyToUse of all individual snapshots become true.\nIf not specified, it means the readiness of a group snapshot is unknown." + type: "boolean" + type: "object" + required: + - "spec" + type: "object" + served: true + storage: true + subresources: + status: {} diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml index 7dda72f91..d0898d741 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/bootstrapproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "bootstrapproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml index a3cbeeff4..c0abd2878 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/controlplaneproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "controlplaneproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml index 48517f26f..1e9bc9bcd 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/coreproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "coreproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml index 223ac73d1..43d7936db 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha1/infrastructureproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "infrastructureproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -84,11 +84,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -105,11 +107,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -121,6 +125,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -145,11 +150,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -166,14 +173,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -209,11 +219,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -222,13 +234,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -252,11 +264,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -269,6 +283,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -284,6 +299,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -308,11 +324,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -321,13 +339,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -351,11 +369,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -368,6 +388,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -375,6 +396,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -406,11 +428,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -419,13 +443,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -449,11 +473,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -466,6 +492,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -481,6 +508,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -505,11 +533,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -518,13 +548,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -548,11 +578,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -565,6 +597,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -572,6 +605,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -610,7 +644,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -659,7 +694,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -736,7 +772,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -799,11 +836,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -896,7 +935,7 @@ spec: minimum: 1.0 type: "integer" metrics: - description: "Metrics contains the controller metrics configuration" + description: "Metrics contains thw controller metrics configuration" properties: bindAddress: description: "BindAddress is the TCP address that the controller should bind to\nfor serving prometheus metrics.\nIt can be set to \"0\" to disable the metrics serving." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml index 3f3751517..949a71580 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/addonproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "addonproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml index 05a4fe035..5f9c45392 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/bootstrapproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "bootstrapproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml index 75918dd78..72a7c3e10 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/controlplaneproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "controlplaneproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml index 5e0c0befe..73115273e 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/coreproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "coreproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml index 1bf0c5f50..172bbc964 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-operator/operator.cluster.x-k8s.io/v1alpha2/infrastructureproviders.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.15.0" name: "infrastructureproviders.operator.cluster.x-k8s.io" spec: group: "operator.cluster.x-k8s.io" @@ -75,11 +75,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -96,11 +98,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -112,6 +116,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -136,11 +141,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -157,14 +164,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -200,11 +210,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -213,13 +225,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -243,11 +255,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -260,6 +274,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -275,6 +290,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -299,11 +315,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -312,13 +330,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -342,11 +360,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -359,6 +379,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -366,6 +387,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -397,11 +419,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -410,13 +434,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -440,11 +464,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -457,6 +483,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -472,6 +499,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -496,11 +524,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -509,13 +539,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -539,11 +569,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -556,6 +588,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -563,6 +596,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -601,7 +635,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -650,7 +685,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -717,7 +753,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -930,11 +967,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -951,11 +990,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -967,6 +1008,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -991,11 +1033,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -1012,14 +1056,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -1055,11 +1102,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1068,13 +1117,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1098,11 +1147,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1115,6 +1166,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1130,6 +1182,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1154,11 +1207,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1167,13 +1222,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1197,11 +1252,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1214,6 +1271,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1221,6 +1279,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -1252,11 +1311,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1265,13 +1326,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1295,11 +1356,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1312,6 +1375,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1327,6 +1391,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -1351,11 +1416,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1364,13 +1431,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." items: type: "string" type: "array" @@ -1394,11 +1461,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -1411,6 +1480,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -1418,6 +1488,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" containers: @@ -1456,7 +1527,8 @@ spec: description: "The key to select." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -1505,7 +1577,8 @@ spec: description: "The key of the secret to select from. Must be a valid secret key." type: "string" name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -1572,7 +1645,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -1635,11 +1709,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml index 7f403b027..1948bbde2 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml index c50cdfa56..09d71801d 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsclustertemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -47,7 +47,7 @@ spec: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" + description: "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml index 07377e5d7..dd082cbc7 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsimages.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsimages.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -91,16 +91,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml index 9372a321b..6c3dce6b6 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -86,7 +86,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -165,16 +165,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" @@ -183,10 +183,10 @@ spec: type: "object" type: "array" failureMessage: - description: "FailureMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." + description: "FailureMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." type: "string" failureReason: - description: "FailureReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." + description: "FailureReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." type: "string" fault: description: "Fault will report if any fault messages for the vsi." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml index 42c91574b..f349cc788 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmpowervsmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -56,7 +56,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml index 56825a99a..2b10b680d 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -95,16 +95,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml index 4516cc6d0..8f8b3c093 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -84,7 +84,7 @@ spec: type: "string" type: "object" profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" + description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps" type: "string" providerID: description: "ProviderID is the unique identifier as specified by the cloud provider." @@ -100,7 +100,7 @@ spec: type: "string" type: "array" zone: - description: "Zone is the place where the instance should be created. Example: us-south-3\nTODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2" + description: "Zone is the place where the instance should be created. Example: us-south-3" type: "string" required: - "zone" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml index 38b857b6b..7592e6daa 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta1/ibmvpcmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -85,7 +85,7 @@ spec: type: "string" type: "object" profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" + description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps" type: "string" providerID: description: "ProviderID is the unique identifier as specified by the cloud provider." @@ -101,7 +101,7 @@ spec: type: "string" type: "array" zone: - description: "Zone is the place where the instance should be created. Example: us-south-3\nTODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2" + description: "Zone is the place where the instance should be created. Example: us-south-3" type: "string" required: - "zone" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml index 3e8725726..dc259b5b1 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -641,16 +641,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml index 521c436cf..d69db5bc3 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsclustertemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsclustertemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -47,7 +47,7 @@ spec: annotations: additionalProperties: type: "string" - description: "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" + description: "annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations" type: "object" labels: additionalProperties: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml index 06a7bbc32..8092fe4eb 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsimages.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsimages.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -107,16 +107,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml index 03f7f7728..a66297b49 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -86,7 +86,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -194,16 +194,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" @@ -212,10 +212,10 @@ spec: type: "object" type: "array" failureMessage: - description: "FailureMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." + description: "FailureMessage will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a more verbose string suitable\nfor logging and human consumption.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." type: "string" failureReason: - description: "FailureReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." + description: "FailureReason will be set in the event that there is a terminal problem\nreconciling the Machine and will contain a succinct value suitable\nfor machine interpretation.\n\nThis field should not be set for transitive errors that a controller\nfaces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the Machine's spec or the configuration of\nthe controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the controller, or the\nresponsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the Machine object and/or logged in the\ncontroller's output." type: "string" fault: description: "Fault will report if any fault messages for the vsi." diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml index 01de7630f..1188bd45d 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmpowervsmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmpowervsmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -56,7 +56,7 @@ spec: properties: name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml index f1c630e6b..25a029c10 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcclusters.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcclusters.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -760,16 +760,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml index 3c0e579be..c17c57216 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachines.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcmachines.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -225,7 +225,7 @@ spec: type: "string" type: "object" profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" + description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps" type: "string" providerID: description: "ProviderID is the unique identifier as specified by the cloud provider." @@ -246,7 +246,7 @@ spec: type: "object" type: "array" zone: - description: "Zone is the place where the instance should be created. Example: us-south-3\nTODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2" + description: "Zone is the place where the instance should be created. Example: us-south-3" type: "string" required: - "image" @@ -284,16 +284,16 @@ spec: description: "A human readable message indicating details about the transition.\nThis field may be empty." type: "string" reason: - description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty." + description: "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may be empty." type: "string" severity: - description: "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." + description: "severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False." type: "string" status: - description: "Status of the condition, one of True, False, Unknown." + description: "status of the condition, one of True, False, Unknown." type: "string" type: - description: "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." + description: "type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important." type: "string" required: - "lastTransitionTime" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml index 7d0b606d2..3ed347a96 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-ibmcloud/infrastructure.cluster.x-k8s.io/v1beta2/ibmvpcmachinetemplates.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.15.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "ibmvpcmachinetemplates.infrastructure.cluster.x-k8s.io" spec: group: "infrastructure.cluster.x-k8s.io" @@ -226,7 +226,7 @@ spec: type: "string" type: "object" profile: - description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps\nTODO: add a reference link of profile" + description: "Profile indicates the flavor of instance. Example: bx2-8x32\tmeans 8 vCPUs\t32 GB RAM\t16 Gbps" type: "string" providerID: description: "ProviderID is the unique identifier as specified by the cloud provider." @@ -247,7 +247,7 @@ spec: type: "object" type: "array" zone: - description: "Zone is the place where the instance should be created. Example: us-south-3\nTODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2" + description: "Zone is the place where the instance should be created. Example: us-south-3" type: "string" required: - "image" diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml index 74268755b..aae575a1c 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherefailuredomains.yaml @@ -80,6 +80,119 @@ spec: - "hostGroupName" - "vmGroupName" type: "object" + networkConfigurations: + description: "NetworkConfigurations is a list of network configurations within this failure domain." + items: + description: "NetworkConfiguration defines a network configuration that should be used when consuming\na failure domain." + properties: + addressesFromPools: + description: "AddressesFromPools is a list of IPAddressPools that should be assigned\nto IPAddressClaims. The machine's cloud-init metadata will be populated\nwith IPAddresses fulfilled by an IPAM provider." + items: + description: "TypedLocalObjectReference contains enough information to let you locate the\ntyped referenced object inside the same namespace." + properties: + apiGroup: + description: "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required." + type: "string" + kind: + description: "Kind is the type of resource being referenced" + type: "string" + name: + description: "Name is the name of resource being referenced" + type: "string" + required: + - "kind" + - "name" + type: "object" + x-kubernetes-map-type: "atomic" + type: "array" + dhcp4: + description: "DHCP4 is a flag that indicates whether or not to use DHCP for IPv4." + type: "boolean" + dhcp4Overrides: + description: "DHCP4Overrides allows for the control over several DHCP behaviors.\nOverrides will only be applied when the corresponding DHCP flag is set.\nOnly configured values will be sent, omitted values will default to\ndistribution defaults.\nDependent on support in the network stack for your distribution.\nFor more information see the netplan reference (https://netplan.io/reference#dhcp-overrides)" + properties: + hostname: + description: "Hostname is the name which will be sent to the DHCP server instead of\nthe machine's hostname." + type: "string" + routeMetric: + description: "RouteMetric is used to prioritize routes for devices. A lower metric for\nan interface will have a higher priority." + type: "integer" + sendHostname: + description: "SendHostname when `true`, the hostname of the machine will be sent to the\nDHCP server." + type: "boolean" + useDNS: + description: "UseDNS when `true`, the DNS servers in the DHCP server will be used and\ntake precedence." + type: "boolean" + useDomains: + description: "UseDomains can take the values `true`, `false`, or `route`. When `true`,\nthe domain name from the DHCP server will be used as the DNS search\ndomain for this device. When `route`, the domain name from the DHCP\nresponse will be used for routing DNS only, not for searching." + type: "string" + useHostname: + description: "UseHostname when `true`, the hostname from the DHCP server will be set\nas the transient hostname of the machine." + type: "boolean" + useMTU: + description: "UseMTU when `true`, the MTU from the DHCP server will be set as the\nMTU of the device." + type: "boolean" + useNTP: + description: "UseNTP when `true`, the NTP servers from the DHCP server will be used\nby systemd-timesyncd and take precedence." + type: "boolean" + useRoutes: + description: "UseRoutes when `true`, the routes from the DHCP server will be installed\nin the routing table." + type: "string" + type: "object" + dhcp6: + description: "DHCP6 is a flag that indicates whether or not to use DHCP for IPv6." + type: "boolean" + dhcp6Overrides: + description: "DHCP6Overrides allows for the control over several DHCP behaviors.\nOverrides will only be applied when the corresponding DHCP flag is set.\nOnly configured values will be sent, omitted values will default to\ndistribution defaults.\nDependent on support in the network stack for your distribution.\nFor more information see the netplan reference (https://netplan.io/reference#dhcp-overrides)" + properties: + hostname: + description: "Hostname is the name which will be sent to the DHCP server instead of\nthe machine's hostname." + type: "string" + routeMetric: + description: "RouteMetric is used to prioritize routes for devices. A lower metric for\nan interface will have a higher priority." + type: "integer" + sendHostname: + description: "SendHostname when `true`, the hostname of the machine will be sent to the\nDHCP server." + type: "boolean" + useDNS: + description: "UseDNS when `true`, the DNS servers in the DHCP server will be used and\ntake precedence." + type: "boolean" + useDomains: + description: "UseDomains can take the values `true`, `false`, or `route`. When `true`,\nthe domain name from the DHCP server will be used as the DNS search\ndomain for this device. When `route`, the domain name from the DHCP\nresponse will be used for routing DNS only, not for searching." + type: "string" + useHostname: + description: "UseHostname when `true`, the hostname from the DHCP server will be set\nas the transient hostname of the machine." + type: "boolean" + useMTU: + description: "UseMTU when `true`, the MTU from the DHCP server will be set as the\nMTU of the device." + type: "boolean" + useNTP: + description: "UseNTP when `true`, the NTP servers from the DHCP server will be used\nby systemd-timesyncd and take precedence." + type: "boolean" + useRoutes: + description: "UseRoutes when `true`, the routes from the DHCP server will be installed\nin the routing table." + type: "string" + type: "object" + nameservers: + description: "Nameservers is a list of IPv4 and/or IPv6 addresses used as DNS\nnameservers.\nPlease note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf)." + items: + type: "string" + type: "array" + networkName: + description: "NetworkName is the network name for this machine's VM." + type: "string" + searchDomains: + description: "SearchDomains is a list of search domains used when resolving IP\naddresses with DNS." + items: + type: "string" + type: "array" + required: + - "networkName" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "networkName" + x-kubernetes-list-type: "map" networks: description: "Networks is the list of networks within this failure domain" items: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml index 1edd5869a..3fc256e7a 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachines.yaml @@ -68,10 +68,10 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." @@ -81,7 +81,7 @@ spec: description: "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.\nFor this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone." type: "string" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -216,7 +216,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -322,7 +322,7 @@ spec: description: "ProviderID is the virtual machine's BIOS UUID formated as\nvsphere://12345678-1234-1234-1234-123456789abc" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -339,7 +339,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml index 9eec43f1e..59b0c03a8 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspheremachinetemplates.yaml @@ -66,10 +66,10 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." @@ -79,7 +79,7 @@ spec: description: "FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.\nFor this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone." type: "string" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -214,7 +214,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -320,7 +320,7 @@ spec: description: "ProviderID is the virtual machine's BIOS UUID formated as\nvsphere://12345678-1234-1234-1234-123456789abc" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -337,7 +337,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml index 183f024af..2034606c7 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api-provider-vsphere/infrastructure.cluster.x-k8s.io/v1beta1/vspherevms.yaml @@ -75,17 +75,17 @@ spec: description: "CustomVMXKeys is a dictionary of advanced VMX options that can be set on VM\nDefaults to empty map" type: "object" datacenter: - description: "Datacenter is the name or inventory path of the datacenter in which the\nvirtual machine is created/located.\nDefaults to * which selects the default datacenter." + description: "Datacenter is the name, inventory path, managed object reference or the managed\nobject ID of the datacenter in which the virtual machine is created/located.\nDefaults to * which selects the default datacenter." type: "string" datastore: - description: "Datastore is the name or inventory path of the datastore in which the\nvirtual machine is created/located." + description: "Datastore is the name, inventory path, managed object reference or the managed\nobject ID of the datastore in which the virtual machine is created/located." type: "string" diskGiB: description: "DiskGiB is the size of a virtual machine's disk, in GiB.\nDefaults to the eponymous property value in the template from which the\nvirtual machine is cloned." format: "int32" type: "integer" folder: - description: "Folder is the name or inventory path of the folder in which the\nvirtual machine is created/located." + description: "Folder is the name, inventory path, managed object reference or the managed\nobject ID of the folder in which the virtual machine is created/located." type: "string" guestSoftPowerOffTimeout: description: "GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest.\nThe VM will be powered off forcibly after the timeout if the VM is still\nup and running when the PowerOffMode is set to trySoft.\n\nThis parameter only applies when the PowerOffMode is set to trySoft.\n\nIf omitted, the timeout defaults to 5 minutes." @@ -220,7 +220,7 @@ spec: type: "string" type: "array" networkName: - description: "NetworkName is the name of the vSphere network to which the device\nwill be connected." + description: "NetworkName is the name, managed object reference or the managed\nobject ID of the vSphere network to which the device will be connected." type: "string" routes: description: "Routes is a list of optional, static routes applied to the device." @@ -323,7 +323,7 @@ spec: - "trySoft" type: "string" resourcePool: - description: "ResourcePool is the name or inventory path of the resource pool in which\nthe virtual machine is created/located." + description: "ResourcePool is the name, inventory path, managed object reference or the managed\nobject ID in which the virtual machine is created/located." type: "string" server: description: "Server is the IP address or FQDN of the vSphere server on which\nthe virtual machine is created/located." @@ -340,7 +340,7 @@ spec: type: "string" type: "array" template: - description: "Template is the name or inventory path of the template used to clone\nthe virtual machine." + description: "Template is the name, inventory path, managed object reference or the managed\nobject ID of the template used to clone the virtual machine." minLength: 1 type: "string" thumbprint: diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml index 48ae14707..e03bac957 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinedeployments.yaml @@ -83,7 +83,7 @@ spec: description: "Indicates that the deployment is paused." type: "boolean" progressDeadlineSeconds: - description: "The maximum time in seconds for a deployment to make progress before it\nis considered to be failed. The deployment controller will continue to\nprocess failed deployments and a condition with a ProgressDeadlineExceeded\nreason will be surfaced in the deployment status. Note that progress will\nnot be estimated during the time a deployment is paused. Defaults to 600s." + description: "The maximum time in seconds for a deployment to make progress before it\nis considered to be failed. The deployment controller will continue to\nprocess failed deployments and a condition with a ProgressDeadlineExceeded\nreason will be surfaced in the deployment status. Note that progress will\nnot be estimated during the time a deployment is paused. Defaults to 600s.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details." format: "int32" type: "integer" replicas: @@ -273,7 +273,7 @@ spec: description: "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider." type: "string" readinessGates: - description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: this field is considered only for computing v1beta2 conditions." + description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster)." items: description: "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate." properties: @@ -361,7 +361,7 @@ spec: description: "selector is the same as the label selector but in the string format to avoid introspection\nby clients. The string will be in the same format as the query-param syntax.\nMore info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors" type: "string" unavailableReplicas: - description: "Total number of unavailable machines targeted by this deployment.\nThis is the total number of machines that are still required for\nthe deployment to have 100% available capacity. They may either\nbe machines that are running but not yet available or machines\nthat still have not been created." + description: "Total number of unavailable machines targeted by this deployment.\nThis is the total number of machines that are still required for\nthe deployment to have 100% available capacity. They may either\nbe machines that are running but not yet available or machines\nthat still have not been created.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details." format: "int32" type: "integer" updatedReplicas: diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml index ba846cf29..5324ddda0 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinepools.yaml @@ -180,7 +180,7 @@ spec: description: "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider." type: "string" readinessGates: - description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: this field is considered only for computing v1beta2 conditions." + description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster)." items: description: "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate." properties: @@ -305,7 +305,7 @@ spec: format: "int32" type: "integer" unavailableReplicas: - description: "Total number of unavailable machine instances targeted by this machine pool.\nThis is the total number of machine instances that are still required for\nthe machine pool to have 100% available capacity. They may either\nbe machine instances that are running but not yet available or machine instances\nthat still have not been created." + description: "Total number of unavailable machine instances targeted by this machine pool.\nThis is the total number of machine instances that are still required for\nthe machine pool to have 100% available capacity. They may either\nbe machine instances that are running but not yet available or machine instances\nthat still have not been created.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details." format: "int32" type: "integer" v1beta2: diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml index eb1556610..8c4dfa039 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machines.yaml @@ -137,7 +137,7 @@ spec: description: "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider." type: "string" readinessGates: - description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: this field is considered only for computing v1beta2 conditions." + description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster)." items: description: "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate." properties: diff --git a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml index d9b436d53..ff9daac4f 100644 --- a/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml +++ b/crd-catalog/kubernetes-sigs/cluster-api/cluster.x-k8s.io/v1beta1/machinesets.yaml @@ -214,7 +214,7 @@ spec: description: "providerID is the identification ID of the machine provided by the provider.\nThis field must match the provider ID as seen on the node object corresponding to this machine.\nThis field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler\nwith cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out\nmachines at provider which could not get registered as Kubernetes nodes. With cluster-api as a\ngeneric out-of-tree provider for autoscaler, this field is required by autoscaler to be\nable to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver\nand then a comparison is done to find out unregistered machines and are marked for delete.\nThis field will be set by the actuators and consumed by higher level entities like autoscaler that will\nbe interfacing with cluster-api as generic provider." type: "string" readinessGates: - description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: this field is considered only for computing v1beta2 conditions." + description: "readinessGates specifies additional conditions to include when evaluating Machine Ready condition.\n\nThis field can be used e.g. by Cluster API control plane providers to extend the semantic of the\nReady condition for the Machine they control, like the kubeadm control provider adding ReadinessGates\nfor the APIServerPodHealthy, SchedulerPodHealthy conditions, etc.\n\nAnother example are external controllers, e.g. responsible to install special software/hardware on the Machines;\nthey can include the status of those components with a new condition and add this condition to ReadinessGates.\n\nNOTE: This field is considered only for computing v1beta2 conditions.\nNOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those\nreadiness gates condition are reporting the same message, when computing the Machine's Ready condition those\nreadinessGates will be replaced by a single entry reporting \"Control plane components: \" + message.\nThis helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster)." items: description: "MachineReadinessGate contains the type of a Machine condition to be used as a readiness gate." properties: @@ -289,7 +289,7 @@ spec: description: "In the event that there is a terminal problem reconciling the\nreplicas, both FailureReason and FailureMessage will be set. FailureReason\nwill be populated with a succinct value suitable for machine\ninterpretation, while FailureMessage will contain a more verbose\nstring suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a\ncontroller faces that are expected to be fixed automatically over\ntime (like service outages), but instead indicate that something is\nfundamentally wrong with the MachineTemplate's spec or the configuration of\nthe machine controller, and that manual intervention is required. Examples\nof terminal errors would be invalid combinations of settings in the\nspec, values that are unsupported by the machine controller, or the\nresponsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines\ncan be added as events to the MachineSet object and/or logged in the\ncontroller's output.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details." type: "string" fullyLabeledReplicas: - description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet." + description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet.\n\nDeprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details." format: "int32" type: "integer" observedGeneration: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml index 196807404..2163b2d55 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gatewayclasses.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "gatewayclasses.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml index 85864c59a..574f703a0 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/gateways.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "gateways.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml index 8cdcf117d..e71c9fb12 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/grpcroutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "grpcroutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml index 49016ef51..db3cb6ec6 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1/httproutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "httproutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/backendlbpolicies.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/backendlbpolicies.yaml index d595daf99..4cf1e1c06 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/backendlbpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/backendlbpolicies.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "experimental" labels: gateway.networking.k8s.io/policy: "Direct" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml index 109417a13..3e9a9bcd2 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tcproutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "experimental" name: "tcproutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml index 4ec2039b6..3a1b1fbe1 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/tlsroutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "experimental" name: "tlsroutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml index 97a252a40..6bbe65aeb 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha2/udproutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "experimental" name: "udproutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha3/backendtlspolicies.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha3/backendtlspolicies.yaml index 90ada969b..67cdcbee8 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha3/backendtlspolicies.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1alpha3/backendtlspolicies.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "experimental" labels: gateway.networking.k8s.io/policy: "Direct" diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml index d8318a3e6..78ba1858a 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gatewayclasses.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "gatewayclasses.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml index 229cdc39e..d70471598 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/gateways.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "gateways.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml index 05b4fc08a..a610a34c4 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/httproutes.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "httproutes.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/referencegrants.yaml b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/referencegrants.yaml index 4ccfcca30..c9f26c4b9 100644 --- a/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/referencegrants.yaml +++ b/crd-catalog/kubernetes-sigs/gateway-api/gateway.networking.k8s.io/v1beta1/referencegrants.yaml @@ -3,7 +3,7 @@ kind: "CustomResourceDefinition" metadata: annotations: api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/gateway-api/pull/3328" - gateway.networking.k8s.io/bundle-version: "v1.2.0" + gateway.networking.k8s.io/bundle-version: "v1.2.1" gateway.networking.k8s.io/channel: "standard" name: "referencegrants.gateway.networking.k8s.io" spec: diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml index df3629595..1df0cf14d 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/modules.yaml @@ -1611,6 +1611,29 @@ spec: type: "string" description: "Selector describes on which nodes the Module should be loaded and optionally built." type: "object" + tolerations: + description: "If specified, the pod's tolerations." + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" required: - "moduleLoader" - "selector" diff --git a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml index 4a9e0c771..aab3933d6 100644 --- a/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml +++ b/crd-catalog/kubernetes-sigs/kernel-module-management/kmm.sigs.x-k8s.io/v1beta1/nodemodulesconfigs.yaml @@ -109,6 +109,28 @@ spec: type: "array" type: "object" type: "object" + tolerations: + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" required: - "containerImage" - "imagePullPolicy" @@ -220,6 +242,28 @@ spec: type: "array" type: "object" type: "object" + tolerations: + items: + description: "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator ." + properties: + effect: + description: "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute." + type: "string" + key: + description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys." + type: "string" + operator: + description: "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category." + type: "string" + tolerationSeconds: + description: "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system." + format: "int64" + type: "integer" + value: + description: "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string." + type: "string" + type: "object" + type: "array" required: - "containerImage" - "imagePullPolicy" diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml index 33836cfbb..710de2604 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/resourceflavors.yaml @@ -113,6 +113,8 @@ spec: x-kubernetes-validations: - message: "at least one nodeLabel is required when topology is set" rule: "!has(self.topologyName) || self.nodeLabels.size() >= 1" + - message: "resourceFlavorSpec are immutable when topologyName is set" + rule: "!has(oldSelf.topologyName) || self == oldSelf" type: "object" served: true storage: true diff --git a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml index 398dd7c9f..d297725c1 100644 --- a/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml +++ b/crd-catalog/kubernetes-sigs/kueue/kueue.x-k8s.io/v1beta1/workloads.yaml @@ -4815,12 +4815,22 @@ spec: topologyRequest: description: "topologyRequest defines the topology request for the PodSet." properties: + podIndexLabel: + description: "PodIndexLabel indicates the name of the label indexing the pods.\nFor example, in the context of\n- kubernetes job this is: kubernetes.io/job-completion-index\n- JobSet: kubernetes.io/job-completion-index (inherited from Job)\n- Kubeflow: training.kubeflow.org/replica-index" + type: "string" preferred: description: "preferred indicates the topology level preferred by the PodSet, as\nindicated by the `kueue.x-k8s.io/podset-preferred-topology` PodSet\nannotation." type: "string" required: description: "required indicates the topology level required by the PodSet, as\nindicated by the `kueue.x-k8s.io/podset-required-topology` PodSet\nannotation." type: "string" + subGroupCount: + description: "SubGroupIndexLabel indicates the count of replicated Jobs (groups) within a PodSet.\nFor example, in the context of JobSet this value is read from jobset.sigs.k8s.io/replicatedjob-replicas." + format: "int32" + type: "integer" + subGroupIndexLabel: + description: "SubGroupIndexLabel indicates the name of the label indexing the instances of replicated Jobs (groups)\nwithin a PodSet. For example, in the context of JobSet this is jobset.sigs.k8s.io/job-index." + type: "string" type: "object" required: - "count" @@ -4911,7 +4921,7 @@ spec: description: "resourceUsage keeps track of the total resources all the pods in the podset need to run.\n\nBeside what is provided in podSet's specs, this calculation takes into account\nthe LimitRange defaults and RuntimeClass overheads at the moment of admission.\nThis field will not change in case of quota reclaim." type: "object" topologyAssignment: - description: "topologyAssignment indicates the topology assignment divided into\ntopology domains corresponding to the lowest level of the topology.\nThe assignment specifies the number of Pods to be scheduled per topology\ndomain and specifies the node selectors for each topology domain, in the\nfollowing way: the node selector keys are specified by the levels field\n(same for all domains), and the corresponding node selector value is\nspecified by the domains.values subfield.\n\nExample:\n\ntopologyAssignment:\n levels:\n - cloud.provider.com/topology-block\n - cloud.provider.com/topology-rack\n domains:\n - values: [block-1, rack-1]\n count: 4\n - values: [block-1, rack-2]\n count: 2\n\nHere:\n- 4 Pods are to be scheduled on nodes matching the node selector:\n cloud.provider.com/topology-block: block-1\n cloud.provider.com/topology-rack: rack-1\n- 2 Pods are to be scheduled on nodes matching the node selector:\n cloud.provider.com/topology-block: block-1\n cloud.provider.com/topology-rack: rack-2" + description: "topologyAssignment indicates the topology assignment divided into\ntopology domains corresponding to the lowest level of the topology.\nThe assignment specifies the number of Pods to be scheduled per topology\ndomain and specifies the node selectors for each topology domain, in the\nfollowing way: the node selector keys are specified by the levels field\n(same for all domains), and the corresponding node selector value is\nspecified by the domains.values subfield. If the TopologySpec.Levels field contains\n\"kubernetes.io/hostname\" label, topologyAssignment will contain data only for\nthis label, and omit higher levels in the topology\n\nExample:\n\ntopologyAssignment:\n levels:\n - cloud.provider.com/topology-block\n - cloud.provider.com/topology-rack\n domains:\n - values: [block-1, rack-1]\n count: 4\n - values: [block-1, rack-2]\n count: 2\n\nHere:\n- 4 Pods are to be scheduled on nodes matching the node selector:\n cloud.provider.com/topology-block: block-1\n cloud.provider.com/topology-rack: rack-1\n- 2 Pods are to be scheduled on nodes matching the node selector:\n cloud.provider.com/topology-block: block-1\n cloud.provider.com/topology-rack: rack-2\n\nExample:\nBelow there is an equivalent of the above example assuming, Topology\nobject defines kubernetes.io/hostname as the lowest level in topology.\nHence we omit higher level of topologies, since the hostname label\nis sufficient to explicitly identify a proper node.\n\ntopologyAssignment:\n levels:\n - kubernetes.io/hostname\n domains:\n - values: [hostname-1]\n count: 4\n - values: [hostname-2]\n count: 2" properties: domains: description: "domains is a list of topology assignments split by topology domains at\nthe lowest level of the topology." diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml index e7b700dcc..38e8882ef 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/adminnetworkpolicies.yaml @@ -41,60 +41,60 @@ spec: description: "Specification of the desired behavior of AdminNetworkPolicy." properties: egress: - description: "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core" + description: "Egress is the list of Egress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of egress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nANPs with no egress rules do not affect egress traffic.\n\nSupport: Core" items: description: "AdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a AdminNetworkPolicy's\nSubject field.\n" properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\nSupport: Core" enum: - "Allow" - "Deny" - "Pass" type: "string" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of destination ports for the outgoing egress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -108,14 +108,14 @@ spec: minItems: 1 type: "array" to: - description: "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "To is the List of destinations whose traffic this rule applies to.\nIf any AdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -148,7 +148,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -231,26 +231,26 @@ spec: maxItems: 100 type: "array" ingress: - description: "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core" + description: "Ingress is the list of Ingress rules to be applied to the selected pods.\nA total of 100 rules will be allowed in each ANP instance.\nThe relative precedence of ingress rules within a single ANP object (all of\nwhich share the priority) will be determined by the order in which the rule\nis written. Thus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nANPs with no ingress rules do not affect ingress traffic.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by an AdminNetworkPolicy's\nSubject field." properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic (even if it would otherwise have been denied by NetworkPolicy)\nDeny: denies the selected traffic\nPass: instructs the selected traffic to skip any remaining ANP rules, and\nthen pass execution to any NetworkPolicies that select the pod.\nIf the pod is not selected by any NetworkPolicies then execution\nis passed to any BaselineAdminNetworkPolicies that select the pod.\n\nSupport: Core" enum: - "Allow" - "Deny" - "Pass" type: "string" from: - description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -283,7 +283,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -360,48 +360,48 @@ spec: minItems: 1 type: "array" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -421,13 +421,13 @@ spec: maxItems: 100 type: "array" priority: - description: "Priority is a value from 0 to 1000. Policies with lower priority values have\nhigher precedence, and are checked before policies with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nEvery AdminNetworkPolicy should have a unique priority value; if two (or more)\npolicies with the same priority could both match a connection, then the\nimplementation can apply any of the matching policies to the connection, and\nthere is no way for the user to reliably determine which one it will choose.\n\n\nSupport: Core" + description: "Priority is a value from 0 to 1000. Policies with lower priority values have\nhigher precedence, and are checked before policies with higher priority values.\nAll AdminNetworkPolicy rules have higher precedence than NetworkPolicy or\nBaselineAdminNetworkPolicy rules\nEvery AdminNetworkPolicy should have a unique priority value; if two (or more)\npolicies with the same priority could both match a connection, then the\nimplementation can apply any of the matching policies to the connection, and\nthere is no way for the user to reliably determine which one it will choose.\n\nSupport: Core" format: "int32" maximum: 1000.0 minimum: 0.0 type: "integer" subject: - description: "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core" + description: "Subject defines the pods to which this AdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\nSupport: Core" maxProperties: 1 minProperties: 1 properties: @@ -547,7 +547,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -576,7 +576,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml index 737130a6c..a5d9520fb 100644 --- a/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml +++ b/crd-catalog/kubernetes-sigs/network-policy-api/policy.networking.k8s.io/v1alpha1/baselineadminnetworkpolicies.yaml @@ -38,18 +38,18 @@ spec: description: "Specification of the desired behavior of BaselineAdminNetworkPolicy." properties: egress: - description: "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\n\nSupport: Core" + description: "Egress is the list of Egress rules to be applied to the selected pods if\nthey are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Egress rules will be allowed in each BANP instance.\nThe relative precedence of egress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the egress rules\nwould take the highest precedence.\nBANPs with no egress rules do not affect egress traffic.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyEgressRule describes an action to take on a particular\nset of traffic originating from pods selected by a BaselineAdminNetworkPolicy's\nSubject field.\n" properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\nSupport: Core" enum: - "Allow" - "Deny" type: "string" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: @@ -60,37 +60,37 @@ spec: minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -104,14 +104,14 @@ spec: minItems: 1 type: "array" to: - description: "To is the list of destinations whose traffic this rule applies to.\nIf any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "To is the list of destinations whose traffic this rule applies to.\nIf any BaselineAdminNetworkPolicyEgressPeer matches the destination of outgoing\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyEgressPeer defines a peer to allow traffic to.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -144,7 +144,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -227,25 +227,25 @@ spec: maxItems: 100 type: "array" ingress: - description: "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\n\nSupport: Core" + description: "Ingress is the list of Ingress rules to be applied to the selected pods\nif they are not matched by any AdminNetworkPolicy or NetworkPolicy rules.\nA total of 100 Ingress rules will be allowed in each BANP instance.\nThe relative precedence of ingress rules within a single BANP object\nwill be determined by the order in which the rule is written.\nThus, a rule that appears at the top of the ingress rules\nwould take the highest precedence.\nBANPs with no ingress rules do not affect ingress traffic.\n\nSupport: Core" items: description: "BaselineAdminNetworkPolicyIngressRule describes an action to take on a particular\nset of traffic destined for pods selected by a BaselineAdminNetworkPolicy's\nSubject field." properties: action: - description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\n\nSupport: Core" + description: "Action specifies the effect this rule will have on matching traffic.\nCurrently the following actions are supported:\nAllow: allows the selected traffic\nDeny: denies the selected traffic\n\nSupport: Core" enum: - "Allow" - "Deny" type: "string" from: - description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\n\nSupport: Core" + description: "From is the list of sources whose traffic this rule applies to.\nIf any AdminNetworkPolicyIngressPeer matches the source of incoming\ntraffic then the specified action is applied.\nThis field must be defined and contain at least one item.\n\nSupport: Core" items: description: "AdminNetworkPolicyIngressPeer defines an in-cluster peer to allow traffic from.\nExactly one of the selector pointers must be set for a given peer. If a\nconsumer observes none of its fields are set, they must assume an unknown\noption has been specified and fail closed." maxProperties: 1 minProperties: 1 properties: namespaces: - description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\n\nSupport: Core" + description: "Namespaces defines a way to select all pods within a set of Namespaces.\nNote that host-networked pods are not included in this type of peer.\n\nSupport: Core" properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -278,7 +278,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" pods: - description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\n\nSupport: Core" + description: "Pods defines a way to select a set of pods in\na set of namespaces. Note that host-networked pods\nare not included in this type of peer.\n\nSupport: Core" properties: namespaceSelector: description: "NamespaceSelector follows standard label selector semantics; if empty,\nit selects all Namespaces." @@ -355,48 +355,48 @@ spec: minItems: 1 type: "array" name: - description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\n\nSupport: Core" + description: "Name is an identifier for this rule, that may be no more than 100 characters\nin length. This field should be used by the implementation to help\nimprove observability, readability and error-reporting for any applied\nBaselineAdminNetworkPolicies.\n\nSupport: Core" maxLength: 100 type: "string" ports: - description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\n\nSupport: Core" + description: "Ports allows for matching traffic based on port and protocols.\nThis field is a list of ports which should be matched on\nthe pods selected for this policy i.e the subject of the policy.\nSo it matches on the destination port for the ingress traffic.\nIf Ports is not set then the rule does not filter traffic via port.\n\nSupport: Core" items: description: "AdminNetworkPolicyPort describes how to select network ports on pod(s).\nExactly one field must be set." maxProperties: 1 minProperties: 1 properties: portNumber: - description: "Port selects a port on a pod(s) based on number.\n\n\nSupport: Core" + description: "Port selects a port on a pod(s) based on number.\n\nSupport: Core" properties: port: - description: "Number defines a network port value.\n\n\nSupport: Core" + description: "Number defines a network port value.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" required: - "port" - "protocol" type: "object" portRange: - description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\n\nSupport: Core" + description: "PortRange selects a port range on a pod(s) based on provided start and end\nvalues.\n\nSupport: Core" properties: end: - description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\n\nSupport: Core" + description: "End defines a network port that is the end of a port range, the End value\nmust be greater than Start.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 type: "integer" protocol: default: "TCP" - description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\n\nSupport: Core" + description: "Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must\nmatch. If not specified, this field defaults to TCP.\n\nSupport: Core" type: "string" start: - description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\n\nSupport: Core" + description: "Start defines a network port that is the start of a port range, the Start\nvalue must be less than End.\n\nSupport: Core" format: "int32" maximum: 65535.0 minimum: 1.0 @@ -416,7 +416,7 @@ spec: maxItems: 100 type: "array" subject: - description: "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\n\nSupport: Core" + description: "Subject defines the pods to which this BaselineAdminNetworkPolicy applies.\nNote that host-networked pods are not included in subject selection.\n\nSupport: Core" maxProperties: 1 minProperties: 1 properties: @@ -535,7 +535,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -564,7 +564,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/apparmorprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/apparmorprofiles.yaml index aeeca6ea7..6ae6c1275 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/apparmorprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/apparmorprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.8.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "apparmorprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" @@ -15,84 +15,134 @@ spec: singular: "apparmorprofile" scope: "Namespaced" versions: - - name: "v1alpha1" + - additionalPrinterColumns: + - jsonPath: ".status.status" + name: "Status" + type: "string" + name: "v1alpha1" schema: openAPIV3Schema: - description: "AppArmorProfile is the Schema for the apparmorprofiles API" + description: "AppArmorProfile is a cluster level specification for an AppArmor profile." properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: "string" kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: "string" metadata: type: "object" spec: - description: "AppArmorProfileSpec defines the desired state of AppArmorProfile" + description: "AppArmorProfileSpec defines the desired state of AppArmorProfile." properties: abstract: + description: "Abstract stores the apparmor profile allow lists for executable, file, network and capabilities access." properties: capability: + description: "Capability rules for Linux capabilities." properties: allowedCapabilities: + description: "AllowedCapabilities lost of allowed capabilities." items: type: "string" type: "array" type: "object" executable: + description: "Executable rules for allowed executables." properties: allowedExecutables: + description: "AllowedExecutables list of allowed executables." items: type: "string" type: "array" allowedLibraries: + description: "AllowedLibraries list of allowed libraries." items: type: "string" type: "array" type: "object" filesystem: + description: "Filesystem rules for filesystem access." properties: readOnlyPaths: + description: "ReadOnlyPaths list of allowed read only file paths." items: type: "string" type: "array" readWritePaths: + description: "ReadWritePaths list of allowed read write file paths." items: type: "string" type: "array" writeOnlyPaths: + description: "WriteOnlyPaths list of allowed write only file paths." items: type: "string" type: "array" type: "object" network: + description: "Network rules for network access." properties: allowRaw: + description: "AllowRaw allows raw sockets." type: "boolean" allowedProtocols: + description: "Protocols keeps the allowed networking protocols." properties: allowTcp: + description: "AllowTCP allows TCP socket connections." type: "boolean" allowUdp: + description: "AllowUDP allows UDP sockets connections." type: "boolean" type: "object" type: "object" type: "object" - policy: - type: "string" + complainMode: + description: "ComplainMode places the apparmor profile into \"complain\" mode, by default is placed in \"enforce\" mode.\nIn complain mode, if a given action is not allowed, it will be allowed, but this violation will be\nlogged with a tag of access being \"ALLOWED unconfined\"." + type: "boolean" + disabled: + default: false + description: "Whether the profile is disabled and should be skipped during reconciliation." + type: "boolean" type: "object" status: - description: "AppArmorProfileStatus defines the observed state of AppArmorProfile" + description: "AppArmorProfileStatus defines the observed state of AppArmorProfile." + properties: + conditions: + description: "Conditions of the resource." + items: + description: "A Condition that may apply to a resource." + properties: + lastTransitionTime: + description: "LastTransitionTime is the last time this condition transitioned from one\nstatus to another." + format: "date-time" + type: "string" + message: + description: "A Message containing details about this condition's last transition from\none status to another, if any." + type: "string" + reason: + description: "A Reason for this condition's last transition from one status to another." + type: "string" + status: + description: "Status of this condition; is it currently True, False, or Unknown?" + type: "string" + type: + description: "Type of this condition. At most one of each condition type may apply to\na resource at any point in time." + type: "string" + required: + - "lastTransitionTime" + - "reason" + - "status" + - "type" + type: "object" + type: "array" + status: + description: "ProfileState defines the state that the profile is in. A profile in this context\nrefers to a SeccompProfile or a SELinux profile, the states are shared between them\nas well as the management API." + type: "string" type: "object" type: "object" served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml index 22eedde0a..fc7098c86 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilebindings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "profilebindings.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml index 340cdcd12..a811f3355 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/profilerecordings.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "profilerecordings.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" @@ -76,11 +76,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml index fd872f666..1aa0893d0 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilenodestatuses.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "securityprofilenodestatuses.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml index f3c687891..4627d05a0 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha1/securityprofilesoperatordaemons.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "securityprofilesoperatordaemons.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" @@ -65,11 +65,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -86,11 +88,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" weight: @@ -102,6 +106,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node." properties: @@ -126,11 +131,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchFields: description: "A list of node selector requirements by node's fields." items: @@ -147,14 +154,17 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" x-kubernetes-map-type: "atomic" type: "array" + x-kubernetes-list-type: "atomic" required: - "nodeSelectorTerms" type: "object" @@ -190,11 +200,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -203,13 +215,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -233,11 +245,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -250,6 +264,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -265,6 +280,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -289,11 +305,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -302,13 +320,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -332,11 +350,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -349,6 +369,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -356,6 +377,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" podAntiAffinity: description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s))." @@ -387,11 +409,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -400,13 +424,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -430,11 +454,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -447,6 +473,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -462,6 +489,7 @@ spec: - "weight" type: "object" type: "array" + x-kubernetes-list-type: "atomic" requiredDuringSchedulingIgnoredDuringExecution: description: "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied." items: @@ -486,11 +514,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -499,13 +529,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nAlso, MatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.\nAlso, MismatchLabelKeys cannot be set when LabelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -529,11 +559,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -546,6 +578,7 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" topologyKey: description: "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed." type: "string" @@ -553,6 +586,7 @@ spec: - "topologyKey" type: "object" type: "array" + x-kubernetes-list-type: "atomic" type: "object" type: "object" allowedSeccompActions: @@ -570,13 +604,16 @@ spec: description: "DaemonResourceRequirements if defined, overwrites the default resource requirements\nof SPOD daemon." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -633,7 +670,8 @@ spec: description: "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace." properties: name: - description: "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?" + default: "" + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" type: "object" x-kubernetes-map-type: "atomic" @@ -715,11 +753,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" @@ -746,11 +786,13 @@ spec: items: type: "string" type: "array" + x-kubernetes-list-type: "atomic" required: - "key" - "operator" type: "object" type: "array" + x-kubernetes-list-type: "atomic" matchLabels: additionalProperties: type: "string" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml index 497d65343..dd3f5b264 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/rawselinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "rawselinuxprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml index e899d369d..ea4878949 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1alpha2/selinuxprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "selinuxprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml index fb54804b6..2fb062d53 100644 --- a/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml +++ b/crd-catalog/kubernetes-sigs/security-profiles-operator/security-profiles-operator.x-k8s.io/v1beta1/seccompprofiles.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "seccompprofiles.security-profiles-operator.x-k8s.io" spec: group: "security-profiles-operator.x-k8s.io" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml index b4b3bfe05..148314a02 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/migrations.yaml @@ -453,6 +453,18 @@ spec: items: description: "Precopy durations" properties: + deltas: + items: + properties: + deltaId: + type: "string" + disk: + type: "string" + required: + - "deltaId" + - "disk" + type: "object" + type: "array" end: format: "date-time" type: "string" diff --git a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml index a68556e75..d9830ddd1 100644 --- a/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml +++ b/crd-catalog/kubev2v/forklift/forklift.konveyor.io/v1beta1/plans.yaml @@ -837,6 +837,18 @@ spec: items: description: "Precopy durations" properties: + deltas: + items: + properties: + deltaId: + type: "string" + disk: + type: "string" + required: + - "deltaId" + - "disk" + type: "object" + type: "array" end: format: "date-time" type: "string" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml index 7c44721e0..2f5a2a3d2 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/dataplanes.yaml @@ -12,6 +12,8 @@ spec: kind: "Dataplane" listKind: "DataplaneList" plural: "dataplanes" + shortNames: + - "dp" singular: "dataplane" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml index 05f83fc79..4aad38402 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshaccesslogs.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshAccessLog" listKind: "MeshAccessLogList" plural: "meshaccesslogs" + shortNames: + - "mal" singular: "meshaccesslog" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml index 3a0500215..6263ceb05 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshcircuitbreakers.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshCircuitBreaker" listKind: "MeshCircuitBreakerList" plural: "meshcircuitbreakers" + shortNames: + - "mcb" singular: "meshcircuitbreaker" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml index 6189e1f09..38b84c869 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshfaultinjections.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshFaultInjection" listKind: "MeshFaultInjectionList" plural: "meshfaultinjections" + shortNames: + - "mfi" singular: "meshfaultinjection" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml index 4fba2c028..3e704847c 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshgateways.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshGateway" listKind: "MeshGatewayList" plural: "meshgateways" + shortNames: + - "mgw" singular: "meshgateway" scope: "Cluster" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml index 0c471bc7e..f101e7b17 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhealthchecks.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshHealthCheck" listKind: "MeshHealthCheckList" plural: "meshhealthchecks" + shortNames: + - "mhc" singular: "meshhealthcheck" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml index ab01ef2e8..1b4b44ef4 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshhttproutes.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshHTTPRoute" listKind: "MeshHTTPRouteList" plural: "meshhttproutes" + shortNames: + - "mhttpr" singular: "meshhttproute" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml index c456597a4..02dc5016b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshloadbalancingstrategies.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshLoadBalancingStrategy" listKind: "MeshLoadBalancingStrategyList" plural: "meshloadbalancingstrategies" + shortNames: + - "mlbs" singular: "meshloadbalancingstrategy" scope: "Namespaced" versions: @@ -171,6 +173,7 @@ spec: enum: - "Header" - "Cookie" + - "Connection" - "SourceIP" - "QueryParameter" - "FilterState" @@ -257,6 +260,7 @@ spec: enum: - "Header" - "Cookie" + - "Connection" - "SourceIP" - "QueryParameter" - "FilterState" diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml index 14c09158d..b467c96b4 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshproxypatches.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshProxyPatch" listKind: "MeshProxyPatchList" plural: "meshproxypatches" + shortNames: + - "mpp" singular: "meshproxypatch" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml index 109bb6232..f3fec006b 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshratelimits.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshRateLimit" listKind: "MeshRateLimitList" plural: "meshratelimits" + shortNames: + - "mrl" singular: "meshratelimit" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml index 72a615c43..0c94a5ddd 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshretries.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshRetry" listKind: "MeshRetryList" plural: "meshretries" + shortNames: + - "mr" singular: "meshretry" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml index 5a2932572..8edaf2e6a 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtcproutes.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshTCPRoute" listKind: "MeshTCPRouteList" plural: "meshtcproutes" + shortNames: + - "mtcpr" singular: "meshtcproute" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml index df947a744..8e7929c89 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtimeouts.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshTimeout" listKind: "MeshTimeoutList" plural: "meshtimeouts" + shortNames: + - "mt" singular: "meshtimeout" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml index 98cec2924..65318da6f 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtraces.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshTrace" listKind: "MeshTraceList" plural: "meshtraces" + shortNames: + - "mtr" singular: "meshtrace" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml index 3350d7591..e567c0dc0 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/meshtrafficpermissions.yaml @@ -12,6 +12,8 @@ spec: kind: "MeshTrafficPermission" listKind: "MeshTrafficPermissionList" plural: "meshtrafficpermissions" + shortNames: + - "mtp" singular: "meshtrafficpermission" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml index 092856f3d..d8c8b89fb 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneegresses.yaml @@ -12,6 +12,8 @@ spec: kind: "ZoneEgress" listKind: "ZoneEgressList" plural: "zoneegresses" + shortNames: + - "ze" singular: "zoneegress" scope: "Namespaced" versions: diff --git a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml index e789a8917..1a868cde0 100644 --- a/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml +++ b/crd-catalog/kumahq/kuma/kuma.io/v1alpha1/zoneingresses.yaml @@ -12,6 +12,8 @@ spec: kind: "ZoneIngress" listKind: "ZoneIngressList" plural: "zoneingresses" + shortNames: + - "zi" singular: "zoneingress" scope: "Namespaced" versions: diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml index 0cf921dd5..90889306e 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/configurations.yaml @@ -157,6 +157,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -568,6 +571,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml index 5c296b217..aaaff98af 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha1/tests.yaml @@ -180,6 +180,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -591,6 +594,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -957,6 +963,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -1368,6 +1377,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -1600,6 +1612,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -2011,6 +2026,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -2277,6 +2295,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -2688,6 +2709,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -3131,6 +3155,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -3892,6 +3919,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" diff --git a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml index 44dd02493..4413091b9 100644 --- a/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml +++ b/crd-catalog/kyverno/chainsaw/chainsaw.kyverno.io/v1alpha2/configurations.yaml @@ -218,6 +218,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" @@ -629,6 +632,9 @@ spec: - "value" type: "object" type: "array" + skipCommandOutput: + description: "SkipCommandOutput removes the command from the output logs." + type: "boolean" skipLogOutput: description: "SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise." type: "boolean" diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml index 3ab113e41..7d0216b4c 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/clusterpolicies.yaml @@ -1781,10 +1781,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1869,10 +1869,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." @@ -5196,10 +5196,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -5284,10 +5284,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml index eb3cbad92..91e32b9d2 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v1/policies.yaml @@ -1781,10 +1781,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1869,10 +1869,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." @@ -5196,10 +5196,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -5284,10 +5284,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml index dc8364688..53ac31345 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/clusterpolicies.yaml @@ -1499,10 +1499,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1587,10 +1587,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." @@ -5011,10 +5011,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -5099,10 +5099,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." diff --git a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml index 7e3acf66d..6321df645 100644 --- a/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml +++ b/crd-catalog/kyverno/kyverno/kyverno.io/v2beta1/policies.yaml @@ -1499,10 +1499,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -1587,10 +1587,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." @@ -5011,10 +5011,10 @@ spec: - "Descending" type: "string" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" preconditions: description: "AnyAllConditions are used to determine if a policy rule should be applied by evaluating a\nset of conditions. The declaration can contain nested `any` or `all` statements.\nSee: https://kyverno.io/docs/writing-policies/preconditions/" @@ -5099,10 +5099,10 @@ spec: description: "MutateExistingOnPolicyUpdate controls if the mutateExisting rule will be applied on policy events." type: "boolean" patchStrategicMerge: - description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/." + description: "PatchStrategicMerge is a strategic merge patch used to modify resources.\nSee https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/\nand https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/." x-kubernetes-preserve-unknown-fields: true patchesJson6902: - description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/." + description: "PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources.\nSee https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/." type: "string" targets: description: "Targets defines the target resources to be mutated." diff --git a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml index a6ed6ddd2..2c783cbce 100644 --- a/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml +++ b/crd-catalog/metal3-io/baremetal-operator/metal3.io/v1alpha1/baremetalhosts.yaml @@ -424,6 +424,7 @@ spec: - "preparation error" - "provisioning error" - "power management error" + - "servicing error" type: "string" goodCredentials: description: "The last credentials we were able to validate as working." @@ -661,6 +662,7 @@ spec: - "error" - "delayed" - "detached" + - "servicing" type: "string" poweredOn: description: "The currently detected power state of the host. This field may get\nbriefly out of sync with the actual state of the hardware while\nprovisioning processes are running." diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml index 81d340f4c..f5e303047 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta1/flowcollectors.yaml @@ -1334,6 +1334,24 @@ spec: description: "`env` allows passing custom environment variables to underlying components. Useful for passing\nsome very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be\npublicly exposed as part of the FlowCollector descriptor, as they are only useful\nin edge debug or support scenarios." type: "object" type: "object" + deduper: + description: "`deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage." + properties: + mode: + default: "Disabled" + description: "Set the Processor deduper mode (de-duplication). It comes in addition to the Agent deduper because the Agent cannot de-duplicate same flows reported from different nodes.
\n- Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer.
\n- Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.
\n- Use `Disabled` to turn off Processor-based de-duplication.
" + enum: + - "Disabled" + - "Drop" + - "Sample" + type: "string" + sampling: + default: 50 + description: "`sampling` is the sampling rate when deduper `mode` is `Sample`." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" dropUnusedFields: default: true description: "`dropUnusedFields` [deprecated (*)] this setting is not used anymore." @@ -1342,6 +1360,53 @@ spec: default: true description: "`enableKubeProbes` is a flag to enable or disable Kubernetes liveness and readiness probes" type: "boolean" + filters: + description: "`filters` let you define custom filters to limit the amount of generated flows." + items: + description: "`FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions" + properties: + allOf: + description: "`filters` is a list of matches that must be all satisfied in order to remove a flow." + items: + description: "`FLPSingleFilter` defines the desired configuration for a single FLP-based filter" + properties: + field: + description: "Name of the field to filter on\nRefer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html." + type: "string" + matchType: + default: "Equal" + description: "Type of matching to apply" + enum: + - "Equal" + - "NotEqual" + - "Presence" + - "Absence" + - "MatchRegex" + - "NotMatchRegex" + type: "string" + value: + description: "Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow." + type: "string" + required: + - "field" + - "matchType" + type: "object" + type: "array" + outputTarget: + description: "If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted." + enum: + - "" + - "Loki" + - "Metrics" + - "Exporters" + type: "string" + sampling: + description: "`sampling` is an optional sampling rate to apply to this filter." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" + type: "array" healthPort: default: 8080 description: "`healthPort` is a collector HTTP port in the Pod that exposes the health check API" diff --git a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml index 50551bf2e..45524132f 100644 --- a/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml +++ b/crd-catalog/netobserv/network-observability-operator/flows.netobserv.io/v1beta2/flowcollectors.yaml @@ -680,7 +680,7 @@ spec: description: "`flowFilter` defines the eBPF agent configuration regarding flow filtering." properties: action: - description: "`action` defines the action to perform on the flows that match the filter." + description: "`action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`." enum: - "Accept" - "Reject" @@ -692,10 +692,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "`destPorts` defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `destPorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `destPorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`destPorts` optionally defines the destination ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `destPorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `destPorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true direction: - description: "`direction` defines the direction to filter flows by." + description: "`direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`." enum: - "Ingress" - "Egress" @@ -704,25 +704,25 @@ spec: description: "Set `enable` to `true` to enable the eBPF flow filtering feature." type: "boolean" icmpCode: - description: "`icmpCode`, for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by." + description: "`icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by." type: "integer" icmpType: - description: "`icmpType`, for ICMP traffic, defines the ICMP type to filter flows by." + description: "`icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by." type: "integer" peerIP: - description: "`peerIP` defines the IP address to filter flows by.\nExample: `10.10.10.10`." + description: "`peerIP` optionally defines the remote IP address to filter flows by.\nExample: `10.10.10.10`." type: "string" pktDrops: - description: "`pktDrops` filters flows with packet drops" + description: "`pktDrops` optionally filters only flows containing packet drops." type: "boolean" ports: anyOf: - type: "integer" - type: "string" - description: "`ports` defines the ports to filter flows by. It is used both for source and destination ports.\nTo filter a single port, set a single port as an integer value. For example, `ports: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `ports: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`ports` optionally defines the ports to filter flows by. It is used both for source and destination ports.\nTo filter a single port, set a single port as an integer value. For example, `ports: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `ports: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true protocol: - description: "`protocol` defines the protocol to filter flows by." + description: "`protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`." enum: - "TCP" - "UDP" @@ -734,10 +734,10 @@ spec: anyOf: - type: "integer" - type: "string" - description: "`sourcePorts` defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `sourcePorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." + description: "`sourcePorts` optionally defines the source ports to filter flows by.\nTo filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`.\nTo filter a range of ports, use a \"start-end\" range in string format. For example, `sourcePorts: \"80-100\"`.\nTo filter two ports, use a \"port1,port2\" in string format. For example, `ports: \"80,100\"`." x-kubernetes-int-or-string: true tcpFlags: - description: "`tcpFlags` defines the TCP flags to filter flows by." + description: "`tcpFlags` optionally defines TCP flags to filter flows by.\nIn addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK`, and `RST-ACK`." enum: - "SYN" - "SYN-ACK" @@ -847,7 +847,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2071,7 +2071,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2091,7 +2091,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2288,7 +2288,7 @@ spec: - "targetPort" type: "object" type: - description: "`type` selects the type of exporters. The available options are `Kafka` and `IPFIX`." + description: "`type` selects the type of exporters. The available options are `Kafka`, `IPFIX`, and `OpenTelemetry`." enum: - "Kafka" - "IPFIX" @@ -2322,7 +2322,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2342,7 +2342,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" @@ -2798,7 +2798,7 @@ spec: type: "string" type: "array" enable: - description: "Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default.\nThese network policies better isolate the NetObserv components to prevent undesired connections to them.\nWe recommend you either enable it, or create your own network policy for NetObserv." + description: "Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default.\nThese network policies better isolate the NetObserv components to prevent undesired connections to them.\nTo increase the security of connections, enable this option or create your own network policy." type: "boolean" type: "object" processor: @@ -3473,6 +3473,71 @@ spec: default: "" description: "`clusterName` is the name of the cluster to appear in the flows data. This is useful in a multi-cluster context. When using OpenShift, leave empty to make it automatically determined." type: "string" + deduper: + description: "`deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage.\nIMPORTANT: This feature is available as a Developer Preview." + properties: + mode: + default: "Disabled" + description: "Set the Processor de-duplication mode. It comes in addition to the Agent-based deduplication because the Agent cannot de-duplicate same flows reported from different nodes.
\n- Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer, or network events.
\n- Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.
\n- Use `Disabled` to turn off Processor-based de-duplication.
" + enum: + - "Disabled" + - "Drop" + - "Sample" + type: "string" + sampling: + default: 50 + description: "`sampling` is the sampling rate when deduper `mode` is `Sample`." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" + filters: + description: "`filters` let you define custom filters to limit the amount of generated flows.\nIMPORTANT: This feature is available as a Developer Preview." + items: + description: "`FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions" + properties: + allOf: + description: "`filters` is a list of matches that must be all satisfied in order to remove a flow." + items: + description: "`FLPSingleFilter` defines the desired configuration for a single FLP-based filter" + properties: + field: + description: "Name of the field to filter on\nRefer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html." + type: "string" + matchType: + default: "Equal" + description: "Type of matching to apply" + enum: + - "Equal" + - "NotEqual" + - "Presence" + - "Absence" + - "MatchRegex" + - "NotMatchRegex" + type: "string" + value: + description: "Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow." + type: "string" + required: + - "field" + - "matchType" + type: "object" + type: "array" + outputTarget: + description: "If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted." + enum: + - "" + - "Loki" + - "Metrics" + - "Exporters" + type: "string" + sampling: + description: "`sampling` is an optional sampling rate to apply to this filter." + format: "int32" + minimum: 0.0 + type: "integer" + type: "object" + type: "array" imagePullPolicy: default: "IfNotPresent" description: "`imagePullPolicy` is the Kubernetes pull policy for the image defined above" @@ -3904,7 +3969,7 @@ spec: description: "Namespace of the config map or secret containing the file. If omitted, the default is to use the same namespace as where NetObserv is deployed.\nIf the namespace is different, the config map or the secret is copied so that it can be mounted as required." type: "string" type: - description: "Type for the file reference: \"configmap\" or \"secret\"." + description: "Type for the file reference: `configmap` or `secret`." enum: - "configmap" - "secret" diff --git a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml index 5e750d65a..2f28ea71c 100644 --- a/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml +++ b/crd-catalog/nginxinc/nginx-kubernetes-gateway/gateway.nginx.org/v1alpha1/observabilitypolicies.yaml @@ -64,6 +64,7 @@ spec: - "name" type: "object" maxItems: 16 + minItems: 1 type: "array" x-kubernetes-validations: - message: "TargetRef Kind must be: HTTPRoute or GRPCRoute" diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml index b6f760950..22cde83ad 100644 --- a/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml +++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/clusterdeploymentcustomizations.yaml @@ -55,7 +55,6 @@ spec: type: "string" valueJSON: description: "ValueJSON is a string representing a JSON object to be used in the operation. As such,\ninternal quotes must be escaped. If nonempty, Value is ignored." - format: "byte" type: "string" required: - "op" diff --git a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml index 55a12011a..fe17532f3 100644 --- a/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml +++ b/crd-catalog/openshift/hive/hive.openshift.io/v1/machinepools.yaml @@ -358,7 +358,7 @@ spec: description: "OpenStack is the configuration used when installing on OpenStack." properties: additionalSecurityGroupIDs: - description: "AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID\nis presented in the format sg-xxxx." + description: "AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID\nis presented in the UUID format." items: type: "string" type: "array" diff --git a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml index c55f94d48..52f6f99ea 100644 --- a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml +++ b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworknodestates.yaml @@ -151,6 +151,15 @@ spec: - "pciAddress" type: "object" type: "array" + system: + properties: + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" + type: "object" type: "object" status: description: "SriovNetworkNodeStateStatus defines the observed state of SriovNetworkNodeState" @@ -299,6 +308,15 @@ spec: type: "string" syncStatus: type: "string" + system: + properties: + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" + type: "object" type: "object" type: "object" served: true diff --git a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml index 3ec5cf214..293198116 100644 --- a/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml +++ b/crd-catalog/openshift/sriov-network-operator/sriovnetwork.openshift.io/v1/sriovnetworkpoolconfigs.yaml @@ -73,6 +73,12 @@ spec: description: "Name is mandatory and must be unique.\nOn Kubernetes:\nName is the name of OvsHardwareOffloadConfig\nOn OpenShift:\nName is the name of MachineConfigPool to be enabled with OVS hardware offload" type: "string" type: "object" + rdmaMode: + description: "RDMA subsystem. Allowed value \"shared\", \"exclusive\"." + enum: + - "shared" + - "exclusive" + type: "string" type: "object" status: description: "SriovNetworkPoolConfigStatus defines the observed state of SriovNetworkPoolConfig" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml index 0881631c7..6936b7be1 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgbackups.yaml @@ -115,6 +115,7 @@ spec: - "bucket" type: "object" name: + default: "repo1" description: "The name of the repository" pattern: "^repo[1-4]" type: "string" diff --git a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml index 7a690dbf6..d14044a8d 100644 --- a/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml +++ b/crd-catalog/percona/percona-postgresql-operator/pgv2.percona.com/v2/perconapgclusters.yaml @@ -1996,6 +1996,7 @@ spec: - "bucket" type: "object" name: + default: "repo1" description: "The name of the repository" pattern: "^repo[1-4]" type: "string" @@ -2735,6 +2736,7 @@ spec: description: "Priority class name for the pgBackRest restore Job pod. Changing this\nvalue causes PostgreSQL to restart.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/" type: "string" repoName: + default: "repo1" description: "The name of the pgBackRest repo within the source PostgresCluster that contains the backups\nthat should be utilized to perform a pgBackRest restore when initializing the data source\nfor the new PostgresCluster." pattern: "^repo[1-4]" type: "string" @@ -3698,6 +3700,7 @@ spec: - "bucket" type: "object" name: + default: "repo1" description: "The name of the repository" pattern: "^repo[1-4]" type: "string" @@ -4499,6 +4502,7 @@ spec: description: "Priority class name for the pgBackRest restore Job pod. Changing this\nvalue causes PostgreSQL to restart.\nMore info: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/" type: "string" repoName: + default: "repo1" description: "The name of the pgBackRest repo within the source PostgresCluster that contains the backups\nthat should be utilized to perform a pgBackRest restore when initializing the data source\nfor the new PostgresCluster." pattern: "^repo[1-4]" type: "string" @@ -7966,6 +7970,7 @@ spec: description: "Switchover gives options to perform ad hoc switchovers in a PostgresCluster." properties: enabled: + default: false description: "Whether or not the operator should allow switchovers in a PostgresCluster" type: "boolean" targetInstance: diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml index e6402bdb2..1f1338d25 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbbackups.yaml @@ -94,6 +94,13 @@ spec: type: "string" error: type: "string" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" lastTransition: format: "date-time" type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml index f1b9dc3ed..8b9d90be1 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbrestores.yaml @@ -64,6 +64,13 @@ spec: type: "string" error: type: "string" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" lastTransition: format: "date-time" type: "string" diff --git a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml index 124a2c192..3ed0ba13b 100644 --- a/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml +++ b/crd-catalog/percona/percona-server-mongodb-operator/psmdb.percona.com/v1/perconaservermongodbs.yaml @@ -307,6 +307,13 @@ spec: required: - "credentialsSecret" type: "object" + filesystem: + properties: + path: + type: "string" + required: + - "path" + type: "object" s3: properties: bucket: @@ -387,6 +394,28 @@ spec: - "name" type: "object" type: "array" + volumeMounts: + items: + properties: + mountPath: + type: "string" + mountPropagation: + type: "string" + name: + type: "string" + readOnly: + type: "boolean" + recursiveReadOnly: + type: "string" + subPath: + type: "string" + subPathExpr: + type: "string" + required: + - "mountPath" + - "name" + type: "object" + type: "array" required: - "enabled" - "image" @@ -18734,7 +18763,6 @@ spec: type: "array" required: - "name" - - "passwordSecretRef" - "roles" type: "object" type: "array" diff --git a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml index fa7c1c752..02aefc621 100644 --- a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml +++ b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusterbackups.yaml @@ -56,6 +56,9 @@ spec: type: "string" spec: properties: + activeDeadlineSeconds: + format: "int64" + type: "integer" containerOptions: properties: args: diff --git a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml index 4bafa1f1e..058243d6c 100644 --- a/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml +++ b/crd-catalog/percona/percona-xtradb-cluster-operator/pxc.percona.com/v1/perconaxtradbclusters.yaml @@ -54,6 +54,9 @@ spec: type: "boolean" backup: properties: + activeDeadlineSeconds: + format: "int64" + type: "integer" allowParallel: type: "boolean" annotations: @@ -10229,6 +10232,34 @@ spec: versionServiceEndpoint: type: "string" type: "object" + users: + items: + properties: + dbs: + items: + type: "string" + type: "array" + grants: + items: + type: "string" + type: "array" + hosts: + items: + type: "string" + type: "array" + name: + type: "string" + passwordSecretRef: + properties: + key: + type: "string" + name: + type: "string" + type: "object" + withGrantOption: + type: "boolean" + type: "object" + type: "array" vaultSecretName: type: "string" type: "object" diff --git a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml index 013eb93c6..ad7bf939b 100644 --- a/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml +++ b/crd-catalog/projectcalico/calico/crd.projectcalico.org/v1/felixconfigurations.yaml @@ -73,7 +73,7 @@ spec: type: "string" type: "array" bpfDataIfacePattern: - description: "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...)." + description: "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...) or any other special device managed by Calico itself (e.g., tunnels)." type: "string" bpfDisableGROForIfaces: description: "BPFDisableGROForIfaces is a regular expression that controls which interfaces Felix should disable the Generic Receive Offload [GRO] option. It should not match the workload interfaces (usually named cali...)." diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml index 0cdba8c4d..e73e13db6 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1/httpproxies.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "httpproxies.projectcontour.io" spec: group: "projectcontour.io" @@ -779,18 +779,21 @@ spec: type: "integer" type: "array" retryOn: - description: "RetryOn specifies the conditions on which to retry a request.\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\n- `5xx`\n- `gateway-error`\n- `reset`\n- `connect-failure`\n- `retriable-4xx`\n- `refused-stream`\n- `retriable-status-codes`\n- `retriable-headers`\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\n- `cancelled`\n- `deadline-exceeded`\n- `internal`\n- `resource-exhausted`\n- `unavailable`" + description: "RetryOn specifies the conditions on which to retry a request.\nSupported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on):\n- `5xx`\n- `gateway-error`\n- `reset`\n- `reset-before-request`\n- `connect-failure`\n- `envoy-ratelimited`\n- `retriable-4xx`\n- `refused-stream`\n- `retriable-status-codes`\n- `retriable-headers`\n- `http3-post-connect-failure`\nSupported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on):\n- `cancelled`\n- `deadline-exceeded`\n- `internal`\n- `resource-exhausted`\n- `unavailable`" items: description: "RetryOn is a string type alias with validation to ensure that the value is valid." enum: - "5xx" - "gateway-error" - "reset" + - "reset-before-request" - "connect-failure" + - "envoy-ratelimited" - "retriable-4xx" - "refused-stream" - "retriable-status-codes" - "retriable-headers" + - "http3-post-connect-failure" - "cancelled" - "deadline-exceeded" - "internal" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml index 9b2807309..962f78139 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1/tlscertificatedelegations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "tlscertificatedelegations.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml index 3913c5583..b82be2499 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourconfigurations.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "contourconfigurations.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml index c10728b49..1cc10aa02 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/contourdeployments.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "contourdeployments.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml index f638ecc9d..aee2077ff 100644 --- a/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml +++ b/crd-catalog/projectcontour/contour/projectcontour.io/v1alpha1/extensionservices.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.16.4" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "extensionservices.projectcontour.io" spec: group: "projectcontour.io" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml index ebfa2eb02..9d19a0967 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/podmonitors.yaml @@ -486,8 +486,14 @@ spec: description: "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`)." type: "string" port: - description: "Name of the Pod port which this endpoint refers to.\n\nIt takes precedence over `targetPort`." + description: "The `Pod` port name which exposes the endpoint.\n\nIt takes precedence over the `portNumber` and `targetPort` fields." type: "string" + portNumber: + description: "The `Pod` port number which exposes the endpoint." + format: "int32" + maximum: 65535.0 + minimum: 1.0 + type: "integer" proxyUrl: description: "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target." type: "string" @@ -562,7 +568,7 @@ spec: anyOf: - type: "integer" - type: "string" - description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' instead." + description: "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' or 'portNumber' instead." x-kubernetes-int-or-string: true tlsConfig: description: "TLS configuration to use when scraping the target." @@ -704,15 +710,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml index a262e74c8..15c187637 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/probes.yaml @@ -468,15 +468,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml index fdf21fa7c..1ca894edc 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/prometheuses.yaml @@ -747,7 +747,12 @@ spec: type: "object" type: "array" apiVersion: - description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"v1\" or \"v2\"." + description: "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"V1\" or \"V2\".\nThe field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported." + enum: + - "v1" + - "V1" + - "v2" + - "V2" type: "string" authorization: description: "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`." @@ -2204,7 +2209,7 @@ spec: type: "object" type: "array" disableCompaction: - description: "When true, the Prometheus compaction is disabled." + description: "When true, the Prometheus compaction is disabled.\nWhen `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically\ndisables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends)." type: "boolean" dnsConfig: description: "Defines the DNS configuration for the pods." @@ -2261,6 +2266,9 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + enableOTLPReceiver: + description: "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0." + type: "boolean" enableRemoteWriteReceiver: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" @@ -3332,6 +3340,12 @@ spec: description: "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate." format: "int32" type: "integer" + nameValidationScheme: + description: "Specifies the validation scheme for metric and label names." + enum: + - "UTF8" + - "Legacy" + type: "string" nodeSelector: additionalProperties: type: "string" @@ -3348,6 +3362,12 @@ spec: minItems: 1 type: "array" x-kubernetes-list-type: "set" + translationStrategy: + description: "Configures how the OTLP receiver endpoint translates the incoming metrics.\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "NoUTF8EscapingWithSuffixes" + - "UnderscoreEscapingWithSuffixes" + type: "string" type: "object" overrideHonorLabels: description: "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects." @@ -5296,20 +5316,30 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: default: "30s" description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" @@ -5507,7 +5537,7 @@ spec: description: "Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name." type: "string" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" + description: "Number of shards to distribute scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\nAlerting and recording rules\n\nBy default, the sharding is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class)." format: "int32" type: "integer" storage: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml index 1ee960e33..c2fdba708 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/servicemonitors.yaml @@ -716,15 +716,25 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeProtocols: description: "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml index da967dc37..89afde784 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1/thanosrulers.yaml @@ -631,7 +631,7 @@ spec: type: "object" type: "object" alertDropLabels: - description: "AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts.\nThe replica label `thanos_ruler_replica` will always be dropped in alerts." + description: "Configures the label names which should be dropped in Thanos Ruler\nalerts.\n\nThe replica label `thanos_ruler_replica` will always be dropped from the alerts." items: type: "string" type: "array" @@ -639,10 +639,10 @@ spec: description: "The external Query URL the Thanos Ruler will set in the 'Source' field\nof all alerts.\nMaps to the '--alert.query-url' CLI arg." type: "string" alertRelabelConfigFile: - description: "AlertRelabelConfigFile specifies the path of the alert relabeling configuration file.\nWhen used alongside with AlertRelabelConfigs, alertRelabelConfigFile takes precedence." + description: "Configures the path to the alert relabeling configuration file.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `alertRelabelConfig`." type: "string" alertRelabelConfigs: - description: "AlertRelabelConfigs configures alert relabeling in ThanosRuler.\nAlert relabel configurations must have the form as specified in the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\nAlternative to AlertRelabelConfigFile, and lower order priority." + description: "Configures alert relabeling in Thanos Ruler.\n\nAlert relabel configuration must have the form as specified in the\nofficial Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe operator performs no validation of the configuration.\n\n`alertRelabelConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -659,7 +659,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" alertmanagersConfig: - description: "Define configuration for connecting to alertmanager. Only available with thanos v0.10.0\nand higher. Maps to the `alertmanagers.config` arg." + description: "Configures the list of Alertmanager endpoints to send alerts to.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager.\n\nIt requires Thanos >= v0.10.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `alertmanagersUrl`." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -676,7 +676,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" alertmanagersUrl: - description: "Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher,\nAlertManagersConfig should be used instead. Note: this field will be ignored\nif AlertManagersConfig is specified.\nMaps to the `alertmanagers.url` arg." + description: "Configures the list of Alertmanager endpoints to send alerts to.\n\nFor Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead.\n\n`alertmanagersConfig` takes precedence over this field." items: type: "string" type: "array" @@ -2723,7 +2723,7 @@ spec: labels: additionalProperties: type: "string" - description: "Labels configure the external label pairs to ThanosRuler. A default replica label\n`thanos_ruler_replica` will be always added as a label with the value of the pod's name and it will be dropped in the alerts." + description: "Configures the external label pairs of the ThanosRuler resource.\n\nA default replica label `thanos_ruler_replica` will be always added as a\nlabel with the value of the pod's name." type: "object" listenLocal: description: "ListenLocal makes the Thanos ruler listen on loopback, so that it\ndoes not bind against the Pod IP." @@ -2754,7 +2754,7 @@ spec: description: "Define which Nodes the Pods are scheduled on." type: "object" objectStorageConfig: - description: "ObjectStorageConfig configures object storage in Thanos.\nAlternative to ObjectStorageConfigFile, and lower order priority." + description: "Configures object storage.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration.\n\n`objectStorageConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -2771,7 +2771,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" objectStorageConfigFile: - description: "ObjectStorageConfigFile specifies the path of the object storage configuration file.\nWhen used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence." + description: "Configures the path of the object storage configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `objectStorageConfig`." type: "string" paused: description: "When a ThanosRuler deployment is paused, no actions except for deletion\nwill be performed on the underlying objects." @@ -2817,7 +2817,7 @@ spec: type: "object" type: "array" queryConfig: - description: "Define configuration for connecting to thanos query instances.\nIf this is defined, the QueryEndpoints field will be ignored.\nMaps to the `query.config` CLI argument.\nOnly available with thanos v0.11.0 and higher." + description: "Configures the list of Thanos Query endpoints from which to query metrics.\n\nThe configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api\n\nIt requires Thanos >= v0.11.0.\n\nThe operator performs no validation of the configuration.\n\nThis field takes precedence over `queryEndpoints`." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -2834,7 +2834,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" queryEndpoints: - description: "QueryEndpoints defines Thanos querier endpoints from which to query metrics.\nMaps to the --query flag of thanos ruler." + description: "Configures the list of Thanos Query endpoints from which to query metrics.\n\nFor Thanos >= v0.11.0, it is recommended to use `queryConfig` instead.\n\n`queryConfig` takes precedence over this field." items: type: "string" type: "array" @@ -2924,7 +2924,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" ruleSelector: - description: "A label selector to select which PrometheusRules to mount for alerting and\nrecording." + description: "PrometheusRule objects to be selected for rule evaluation. An empty\nlabel selector matches all objects. A null label selector matches no\nobjects." properties: matchExpressions: description: "matchExpressions is a list of label selector requirements. The requirements are ANDed." @@ -3530,7 +3530,7 @@ spec: type: "object" type: "array" tracingConfig: - description: "TracingConfig configures tracing in Thanos.\n\n`tracingConfigFile` takes precedence over this field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Configures tracing.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration.\n\n`tracingConfigFile` takes precedence over this field." properties: key: description: "The key of the secret to select from. Must be a valid secret key." @@ -3547,7 +3547,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" tracingConfigFile: - description: "TracingConfig specifies the path of the tracing configuration file.\n\nThis field takes precedence over `tracingConfig`.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way." + description: "Configures the path of the tracing configuration file.\n\nThe configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.\n\nThe operator performs no validation of the configuration file.\n\nThis field takes precedence over `tracingConfig`." type: "string" version: description: "Version of Thanos to be deployed." diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml index 2fbd53a0a..82b5bcb71 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/alertmanagerconfigs.yaml @@ -541,6 +541,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1233,6 +1236,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1788,6 +1794,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2340,6 +2349,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2899,6 +2911,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3527,6 +3542,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4038,6 +4056,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4607,6 +4628,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5140,6 +5164,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5633,6 +5660,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6119,6 +6149,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6646,6 +6679,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml index c3679ab3d..a07cc3ffc 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/prometheusagents.yaml @@ -1815,6 +1815,9 @@ spec: type: "string" type: "array" x-kubernetes-list-type: "set" + enableOTLPReceiver: + description: "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0." + type: "boolean" enableRemoteWriteReceiver: description: "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0." type: "boolean" @@ -2879,6 +2882,12 @@ spec: - "StatefulSet" - "DaemonSet" type: "string" + nameValidationScheme: + description: "Specifies the validation scheme for metric and label names." + enum: + - "UTF8" + - "Legacy" + type: "string" nodeSelector: additionalProperties: type: "string" @@ -2895,6 +2904,12 @@ spec: minItems: 1 type: "array" x-kubernetes-list-type: "set" + translationStrategy: + description: "Configures how the OTLP receiver endpoint translates the incoming metrics.\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "NoUTF8EscapingWithSuffixes" + - "UnderscoreEscapingWithSuffixes" + type: "string" type: "object" overrideHonorLabels: description: "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data\n to “exported_” for all targets created from ServiceMonitor, PodMonitor and\nScrapeConfig objects. Otherwise the HonorLabels field of the service or pod monitor applies.\nIn practice,`overrideHonorLaels:true` enforces `honorLabels:false`\nfor all ServiceMonitor, PodMonitor and ScrapeConfig objects." @@ -3864,6 +3879,15 @@ spec: routePrefix: description: "The route prefix Prometheus registers HTTP handlers for.\n\nThis is useful when using `spec.externalURL`, and a proxy is rewriting\nHTTP routes of a request, and the actual ExternalURL is still true, but\nthe server serves requests under a different route prefix. For example\nfor use with `kubectl proxy`." type: "string" + runtime: + description: "RuntimeConfig configures the values for the Prometheus process behavior" + properties: + goGC: + description: "The Go garbage collection target percentage. Lowering this number may increase the CPU usage.\nSee: https://tip.golang.org/doc/gc-guide#GOGC" + format: "int32" + minimum: -1.0 + type: "integer" + type: "object" sampleLimit: description: "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedSampleLimit." format: "int64" @@ -4201,20 +4225,30 @@ spec: type: "object" type: "object" x-kubernetes-map-type: "atomic" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: default: "30s" description: "Interval between consecutive scrapes.\n\nDefault: \"30s\"" pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" type: "string" scrapeProtocols: - description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." + description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.\n\n`PrometheusText1.0.0` requires Prometheus >= v3.0.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" type: "array" x-kubernetes-list-type: "set" @@ -4409,7 +4443,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" shards: - description: "Number of shards to distribute targets onto. `spec.replicas`\nmultiplied by `spec.shards` is the total number of Pods created.\n\nNote that scaling down shards will not reshard data onto remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\n\nSharding is performed on the content of the `__address__` target meta-label\nfor PodMonitors and ServiceMonitors and `__param_target__` for Probes.\n\nDefault: 1" + description: "Number of shards to distribute scraped targets onto.\n\n`spec.replicas` multiplied by `spec.shards` is the total number of Pods\nbeing created.\n\nWhen not defined, the operator assumes only one shard.\n\nNote that scaling down shards will not reshard data onto the remaining\ninstances, it must be manually moved. Increasing shards will not reshard\ndata either but it will continue to be available from the same\ninstances. To query globally, use Thanos sidecar and Thanos querier or\nremote write data to a central location.\nAlerting and recording rules\n\nBy default, the sharding is performed on:\n* The `__address__` target's metadata label for PodMonitor,\nServiceMonitor and ScrapeConfig resources.\n* The `__param_target__` label for Probe resources.\n\nUsers can define their own sharding implementation by setting the\n`__tmp_hash` label during the target discovery with relabeling\nconfiguration (either in the monitoring resources or via scrape class)." format: "int32" type: "integer" storage: diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml index ffe5a1d17..92c52829f 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1alpha1/scrapeconfigs.yaml @@ -160,7 +160,7 @@ spec: description: "Allow stale Consul results (see https://www.consul.io/api/features/consistency.html). Will reduce load on Consul.\nIf unset, Prometheus uses its default value." type: "boolean" authorization: - description: "Authorization header configuration to authenticate against the Consul Server." + description: "Optional Authorization header configuration to authenticate against the Consul Server.\nCannot be set at the same time as `basicAuth`, or `oauth2`." properties: credentials: description: "Selects a key of a Secret in the namespace that contains the credentials for authentication." @@ -184,7 +184,7 @@ spec: type: "string" type: "object" basicAuth: - description: "BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints" + description: "Optional BasicAuth information to authenticate against the Consul Server.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoints\nCannot be set at the same time as `authorization`, or `oauth2`." properties: password: description: "`password` specifies a key of a Secret containing the password for\nauthentication." @@ -223,15 +223,21 @@ spec: type: "object" datacenter: description: "Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter." + minLength: 1 type: "string" enableHTTP2: description: "Whether to enable HTTP2.\nIf unset, Prometheus uses its default value." type: "boolean" + filter: + description: "Filter expression used to filter the catalog results.\nSee https://www.consul.io/api-docs/catalog#list-services\nIt requires Prometheus >= 3.0.0." + minLength: 1 + type: "string" followRedirects: description: "Configure whether HTTP requests follow HTTP 3xx redirects.\nIf unset, Prometheus uses its default value." type: "boolean" namespace: - description: "Namespaces are only supported in Consul Enterprise." + description: "Namespaces are only supported in Consul Enterprise.\n\nIt requires Prometheus >= 2.28.0." + minLength: 1 type: "string" noProxy: description: "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." @@ -239,11 +245,11 @@ spec: nodeMeta: additionalProperties: type: "string" - description: "Node metadata key/value pairs to filter nodes for a given service." + description: "Node metadata key/value pairs to filter nodes for a given service.\nStarting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead." type: "object" x-kubernetes-map-type: "atomic" oauth2: - description: "Optional OAuth 2.0 configuration." + description: "Optional OAuth2.0 configuration.\nCannot be set at the same time as `basicAuth`, or `authorization`." properties: clientId: description: "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID." @@ -473,6 +479,11 @@ spec: type: "object" partition: description: "Admin Partitions are only supported in Consul Enterprise." + minLength: 1 + type: "string" + pathPrefix: + description: "Prefix for URIs for when consul is behind an API gateway (reverse proxy).\n\nIt requires Prometheus >= 2.45.0." + minLength: 1 type: "string" proxyConnectHeader: additionalProperties: @@ -515,7 +526,7 @@ spec: - "HTTPS" type: "string" server: - description: "A valid string consisting of a hostname or IP followed by an optional port number." + description: "Consul server address. A valid string consisting of a hostname or IP followed by an optional port number." minLength: 1 type: "string" services: @@ -523,18 +534,19 @@ spec: items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" + x-kubernetes-list-type: "set" tagSeparator: description: "The string by which Consul tags are joined into the tag label.\nIf unset, Prometheus uses its default value." + minLength: 1 type: "string" tags: - description: "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list." + description: "An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.\nStarting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead." items: type: "string" type: "array" - x-kubernetes-list-type: "atomic" + x-kubernetes-list-type: "set" tlsConfig: - description: "TLS Config" + description: "TLS configuration to connect to the Consul API." properties: ca: description: "Certificate authority used when verifying server certificates." @@ -942,6 +954,9 @@ spec: type: "object" port: description: "The port to scrape metrics from." + format: "int32" + maximum: 65535.0 + minimum: 0.0 type: "integer" proxyConnectHeader: additionalProperties: @@ -2380,6 +2395,9 @@ spec: enableCompression: description: "When false, Prometheus will request uncompressed response from the scraped target.\n\nIt requires Prometheus >= v2.49.0.\n\nIf unset, Prometheus uses true by default." type: "boolean" + enableHTTP2: + description: "Whether to enable HTTP2." + type: "boolean" eurekaSDConfigs: description: "EurekaSDConfigs defines a list of Eureka service discovery configurations." items: @@ -7907,6 +7925,15 @@ spec: scrapeClassicHistograms: description: "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0." type: "boolean" + scrapeFallbackProtocol: + description: "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0." + enum: + - "PrometheusProto" + - "OpenMetricsText0.0.1" + - "OpenMetricsText1.0.0" + - "PrometheusText0.0.4" + - "PrometheusText1.0.0" + type: "string" scrapeInterval: description: "ScrapeInterval is the interval between consecutive scrapes." pattern: "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$" @@ -7914,12 +7941,13 @@ spec: scrapeProtocols: description: "The protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0." items: - description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`" + description: "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`" enum: - "PrometheusProto" - "OpenMetricsText0.0.1" - "OpenMetricsText1.0.0" - "PrometheusText0.0.4" + - "PrometheusText1.0.0" type: "string" minItems: 1 type: "array" diff --git a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml index c8aace24f..0e90b56d7 100644 --- a/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml +++ b/crd-catalog/prometheus-operator/prometheus-operator/monitoring.coreos.com/v1beta1/alertmanagerconfigs.yaml @@ -461,6 +461,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1147,6 +1150,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -1698,6 +1704,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2251,6 +2260,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -2804,6 +2816,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3424,6 +3439,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -3933,6 +3951,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -4498,6 +4519,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5027,6 +5051,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -5518,6 +5545,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6002,6 +6032,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" @@ -6523,6 +6556,9 @@ spec: proxyFromEnvironment: description: "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0." type: "boolean" + proxyURL: + description: "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`." + type: "string" proxyUrl: description: "`proxyURL` defines the HTTP proxy server to use." pattern: "^http(s)?://.+$" diff --git a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulpbackups.yaml b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulpbackups.yaml index 30f5e3616..90faee551 100644 --- a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulpbackups.yaml +++ b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulpbackups.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "pulpbackups.repo-manager.pulpproject.org" spec: group: "repo-manager.pulpproject.org" @@ -212,13 +212,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -317,13 +317,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -421,13 +421,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -526,13 +526,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -628,7 +628,7 @@ spec: type: "string" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -657,7 +657,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulprestores.yaml b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulprestores.yaml index ac4442245..1e532775e 100644 --- a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulprestores.yaml +++ b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulprestores.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "pulprestores.repo-manager.pulpproject.org" spec: group: "repo-manager.pulpproject.org" @@ -61,7 +61,7 @@ spec: properties: conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -90,7 +90,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulps.yaml b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulps.yaml index a5653df9b..40469db6e 100644 --- a/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulps.yaml +++ b/crd-catalog/pulp/pulp-operator/repo-manager.pulpproject.org/v1beta2/pulps.yaml @@ -2,7 +2,7 @@ apiVersion: "apiextensions.k8s.io/v1" kind: "CustomResourceDefinition" metadata: annotations: - controller-gen.kubebuilder.io/version: "v0.14.0" + controller-gen.kubebuilder.io/version: "v0.16.5" name: "pulps.repo-manager.pulpproject.org" spec: group: "repo-manager.pulpproject.org" @@ -57,7 +57,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -107,7 +107,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -128,13 +128,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -356,13 +359,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -461,13 +464,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -565,13 +568,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -670,13 +673,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -757,7 +760,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -807,7 +810,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -854,7 +857,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -904,7 +907,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -925,13 +928,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -984,7 +990,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1117,7 +1124,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" readinessProbe: @@ -1145,7 +1152,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -1235,13 +1243,16 @@ spec: description: "Resource requirements for the pulp api container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -1272,7 +1283,7 @@ spec: description: "The deployment strategy to use to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -1353,7 +1364,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -1363,14 +1374,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -1568,13 +1579,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1673,13 +1684,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1777,13 +1788,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1882,13 +1893,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -1979,7 +1990,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2091,7 +2103,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -2180,13 +2193,16 @@ spec: description: "Resource requirements for the Redis container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -2220,7 +2236,7 @@ spec: description: "The deployment strategy to use to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -2457,13 +2473,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2562,13 +2578,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2666,13 +2682,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2771,13 +2787,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -2858,7 +2874,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -2908,7 +2924,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -2955,7 +2971,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -3005,7 +3021,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -3026,13 +3042,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3085,7 +3104,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3218,7 +3238,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" readinessProbe: @@ -3246,7 +3266,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -3336,13 +3357,16 @@ spec: description: "Resource requirements for the pulp-content container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -3373,7 +3397,7 @@ spec: description: "The deployment strategy to use to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -3454,7 +3478,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -3464,14 +3488,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -3672,13 +3696,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3777,13 +3801,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3881,13 +3905,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -3986,13 +4010,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -4074,7 +4098,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -4182,13 +4207,16 @@ spec: description: "Resource requirements for the database container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4252,7 +4280,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -4508,7 +4537,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4558,7 +4587,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4579,13 +4608,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4707,7 +4739,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4757,7 +4789,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -4778,13 +4810,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4847,13 +4882,16 @@ spec: description: "Resource requirements for the sidecar container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -4914,7 +4952,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -4964,7 +5002,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5003,7 +5041,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5136,7 +5175,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" readinessProbe: @@ -5164,7 +5203,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -5254,13 +5294,16 @@ spec: description: "Resource requirements for the pulp-web container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -5296,7 +5339,7 @@ spec: description: "The deployment strategy to use to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -5507,13 +5550,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5612,13 +5655,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5716,13 +5759,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5821,13 +5864,13 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" x-kubernetes-list-type: "atomic" mismatchLabelKeys: - description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate." + description: "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default)." items: type: "string" type: "array" @@ -5908,7 +5951,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -5958,7 +6001,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -5997,7 +6040,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the ConfigMap or its key must be defined" @@ -6047,7 +6090,7 @@ spec: type: "string" name: default: "" - description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nTODO: Add other useful fields. apiVersion, kind, uid?\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896." + description: "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: "string" optional: description: "Specify whether the Secret or its key must be defined" @@ -6068,13 +6111,16 @@ spec: description: "Resource requirements for pulpcore aux container." properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6127,7 +6173,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6260,7 +6307,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." + description: "UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods\nshould be considered for eviction. Current implementation considers healthy pods,\nas pods that have status.conditions item with type=\"Ready\",status=\"True\".\n\nValid policies are IfHealthyBudget and AlwaysAllow.\nIf no policy is specified, the default behavior will be used,\nwhich corresponds to the IfHealthyBudget policy.\n\nIfHealthyBudget policy means that running pods (status.phase=\"Running\"),\nbut not yet healthy can be evicted only if the guarded application is not\ndisrupted (status.currentHealthy is at least equal to status.desiredHealthy).\nHealthy pods will be subject to the PDB for eviction.\n\nAlwaysAllow policy means that all running pods (status.phase=\"Running\"),\nbut not yet healthy are considered disrupted and can be evicted regardless\nof whether the criteria in a PDB is met. This means perspective running\npods of a disrupted application might not get a chance to become healthy.\nHealthy pods will be subject to the PDB for eviction.\n\nAdditional policies may be added in the future.\nClients making eviction decisions should disallow eviction of unhealthy pods\nif they encounter an unrecognized policy in this field.\n\nThis field is beta-level. The eviction API uses this field when\nthe feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default)." type: "string" type: "object" readinessProbe: @@ -6288,7 +6335,8 @@ spec: format: "int32" type: "integer" service: - description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC." + default: "" + description: "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC." type: "string" required: - "port" @@ -6378,13 +6426,16 @@ spec: description: "Resource requirements for the pulp-api container" properties: claims: - description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers." + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers." items: description: "ResourceClaim references one entry in PodSpec.ResourceClaims." properties: name: description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." type: "string" + request: + description: "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request." + type: "string" required: - "name" type: "object" @@ -6415,7 +6466,7 @@ spec: description: "The deployment strategy to use to replace existing pods with new ones." properties: rollingUpdate: - description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate.\n---\nTODO: Update this to follow our convention for oneOf, whatever we decide it\nto be." + description: "Rolling update config params. Present only if DeploymentStrategyType =\nRollingUpdate." properties: maxSurge: anyOf: @@ -6496,7 +6547,7 @@ spec: type: "object" x-kubernetes-map-type: "atomic" matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." + description: "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default)." items: type: "string" type: "array" @@ -6506,14 +6557,14 @@ spec: format: "int32" type: "integer" minDomains: - description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." + description: "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew." format: "int32" type: "integer" nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: "string" topologyKey: description: "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field." @@ -6542,7 +6593,7 @@ spec: type: "string" conditions: items: - description: "Condition contains details for one aspect of the current state of this API Resource.\n---\nThis struct is intended for direct use as an array at the field path .status.conditions. For example,\n\n\n\ttype FooStatus struct{\n\t // Represents the observations of a foo's current state.\n\t // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t // other fields\n\t}" + description: "Condition contains details for one aspect of the current state of this API Resource." properties: lastTransitionTime: description: "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." @@ -6571,7 +6622,7 @@ spec: - "Unknown" type: "string" type: - description: "type of condition in CamelCase or in foo.example.com/CamelCase.\n---\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions can be\nuseful (see .node.status.conditions), the ability to deconflict is important.\nThe regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + description: "type of condition in CamelCase or in foo.example.com/CamelCase." maxLength: 316 pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" type: "string" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml index ee3623b6a..de5dd10a6 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayclusters.yaml @@ -4115,6 +4115,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml index cf745a1a3..e0d15e25c 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayjobs.yaml @@ -4127,6 +4127,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" diff --git a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml index 0d1d10c8f..470632dbc 100644 --- a/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml +++ b/crd-catalog/ray-project/kuberay/ray.io/v1/rayservices.yaml @@ -4093,6 +4093,9 @@ spec: properties: groupName: type: "string" + idleTimeoutSeconds: + format: "int32" + type: "integer" maxReplicas: default: 2147483647 format: "int32" @@ -7929,6 +7932,8 @@ spec: serviceUnhealthySecondThreshold: format: "int32" type: "integer" + upgradeStrategy: + type: "string" type: "object" status: properties: diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml index 391e5472a..03c5e9e92 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephblockpools.yaml @@ -353,6 +353,9 @@ spec: phase: description: "ConditionType represent a resource's status" type: "string" + poolID: + description: "optional" + type: "integer" snapshotScheduleStatus: description: "SnapshotScheduleStatusSpec is the status of the snapshot schedule" properties: diff --git a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml index 4e1ccb11f..33cff259f 100644 --- a/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml +++ b/crd-catalog/rook/rook/ceph.rook.io/v1/cephclusters.yaml @@ -1887,6 +1887,14 @@ spec: minimum: 0.0 nullable: true type: "number" + migration: + description: "Migration handles the OSD migration" + properties: + confirmation: + description: "A user confirmation to migrate the OSDs. It destroys each OSD one at a time, cleans up the backing disk\nand prepares OSD with same ID on that disk" + pattern: "^$|^yes-really-migrate-osds$" + type: "string" + type: "object" nearFullRatio: description: "NearFullRatio is the ratio at which the cluster is considered nearly full and will raise a ceph health warning. Default is 0.85." maximum: 1.0 @@ -3680,6 +3688,12 @@ spec: osd: description: "OSDStatus represents OSD status of the ceph Cluster" properties: + migrationStatus: + description: "MigrationStatus status represents the current status of any OSD migration." + properties: + pending: + type: "integer" + type: "object" storeType: additionalProperties: type: "integer" diff --git a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml index caa039405..bb730cb4d 100644 --- a/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml +++ b/crd-catalog/scylladb/scylla-operator/scylla.scylladb.com/v1alpha1/scyllaoperatorconfigs.yaml @@ -33,6 +33,9 @@ spec: spec: description: "spec defines the desired state of the operator." properties: + configuredClusterDomain: + description: "configuredClusterDomain allows users to set the configured Kubernetes cluster domain explicitly, instead of letting Scylla Operator automatically discover it." + type: "string" scyllaUtilsImage: description: "scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities." type: "string" @@ -52,6 +55,53 @@ spec: bashToolsImage: description: "bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes." type: "string" + clusterDomain: + description: "clusterDomain is the Kubernetes cluster domain used by the Scylla Operator." + type: "string" + conditions: + description: "conditions hold conditions describing ScyllaOperatorConfig state." + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable." + format: "date-time" + type: "string" + message: + description: "message is a human readable message indicating details about the transition. This may be an empty string." + maxLength: 32768 + type: "string" + observedGeneration: + description: "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance." + format: "int64" + minimum: 0.0 + type: "integer" + reason: + description: "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty." + maxLength: 1024 + minLength: 1 + pattern: "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$" + type: "string" + status: + description: "status of the condition, one of True, False, Unknown." + enum: + - "True" + - "False" + - "Unknown" + type: "string" + type: + description: "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" + maxLength: 316 + pattern: "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$" + type: "string" + required: + - "lastTransitionTime" + - "message" + - "reason" + - "status" + - "type" + type: "object" + type: "array" grafanaImage: description: "grafanaImage is the image used by the operator to create a Grafana instance." type: "string" diff --git a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml index a6b1a69c4..66ad5af9c 100644 --- a/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml +++ b/crd-catalog/solo-io/gloo/enterprise.gloo.solo.io/v1/authconfigs.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "enterprise.gloo.solo.io" names: + categories: + - "solo-io" + - "gloo-gateway" kind: "AuthConfig" listKind: "AuthConfigList" plural: "authconfigs" @@ -966,6 +969,33 @@ spec: required: - "config" type: "object" + portalAuth: + properties: + apiKeyHeader: + type: "string" + cacheDuration: + type: "string" + redisOptions: + properties: + db: + format: "int32" + type: "integer" + host: + type: "string" + poolSize: + format: "int32" + type: "integer" + socketType: + type: "string" + x-kubernetes-int-or-string: true + tlsCertMountPath: + type: "string" + type: "object" + requestTimeout: + type: "string" + url: + type: "string" + type: "object" type: "object" type: "array" failOnRedirect: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml index e0e16d2ea..866643226 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/gateways.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "Gateway" listKind: "GatewayList" plural: "gateways" @@ -3869,6 +3871,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -4209,6 +4219,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4326,6 +4344,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4463,6 +4489,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4640,6 +4674,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4757,6 +4799,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4894,6 +4944,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5063,6 +5121,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5180,6 +5246,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5317,6 +5391,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5442,6 +5524,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5559,6 +5649,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5749,6 +5847,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -6277,6 +6383,9 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "array" + tcpStats: + nullable: true + type: "boolean" type: "object" proxyNames: items: @@ -6538,6 +6647,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -6878,6 +6995,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6995,6 +7120,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7132,6 +7265,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7309,6 +7450,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7426,6 +7575,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7563,6 +7720,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7732,6 +7897,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7849,6 +8022,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7986,6 +8167,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8111,6 +8300,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8228,6 +8425,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8418,6 +8623,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml index d83978239..c87e8a530 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/httpgateways.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "MatchableHttpGateway" listKind: "MatchableHttpGatewayList" plural: "httpgateways" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml index f5d4c1610..2b02d190d 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routeoptions.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "RouteOption" listKind: "RouteOptionList" plural: "routeoptions" @@ -1856,6 +1858,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1973,6 +1983,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2110,6 +2128,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2287,6 +2313,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2404,6 +2438,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2541,6 +2583,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2710,6 +2760,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2827,6 +2885,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2964,6 +3030,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3111,6 +3185,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3228,6 +3310,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml index 9143bd918..c8c0dd820 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/routetables.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "RouteTable" listKind: "RouteTableList" plural: "routetables" @@ -1966,6 +1968,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2083,6 +2093,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2220,6 +2238,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2397,6 +2423,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2514,6 +2548,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2651,6 +2693,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2820,6 +2870,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2937,6 +2995,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3074,6 +3140,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3221,6 +3295,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3338,6 +3420,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -3660,6 +3750,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -4000,6 +4098,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4117,6 +4223,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4254,6 +4368,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4431,6 +4553,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4548,6 +4678,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4685,6 +4823,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4854,6 +5000,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4971,6 +5125,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5108,6 +5270,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5233,6 +5403,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5350,6 +5528,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5540,6 +5726,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml index 9171bd084..a7e7065f5 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualhostoptions.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "VirtualHostOption" listKind: "VirtualHostOptionList" plural: "virtualhostoptions" @@ -1512,6 +1514,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1629,6 +1639,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1766,6 +1784,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1943,6 +1969,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2060,6 +2094,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2197,6 +2239,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2366,6 +2416,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2483,6 +2541,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2620,6 +2686,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2759,6 +2833,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2876,6 +2958,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml index 700bc49bd..c02f2fe42 100644 --- a/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml +++ b/crd-catalog/solo-io/gloo/gateway.solo.io/v1/virtualservices.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gateway.solo.io" names: + categories: + - "gloo-gateway" kind: "VirtualService" listKind: "VirtualServiceList" plural: "virtualservices" @@ -1602,6 +1604,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1719,6 +1729,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1856,6 +1874,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2033,6 +2059,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2150,6 +2184,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2287,6 +2329,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2456,6 +2506,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2573,6 +2631,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2710,6 +2776,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2849,6 +2923,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -2966,6 +3048,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -4985,6 +5075,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5102,6 +5200,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5239,6 +5345,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5416,6 +5530,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5533,6 +5655,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5670,6 +5800,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5839,6 +5977,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -5956,6 +6102,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6093,6 +6247,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6240,6 +6402,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6357,6 +6527,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -6679,6 +6857,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -7019,6 +7205,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7136,6 +7330,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7273,6 +7475,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7450,6 +7660,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7567,6 +7785,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7704,6 +7930,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7873,6 +8107,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -7990,6 +8232,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8127,6 +8377,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8252,6 +8510,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8369,6 +8635,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -8559,6 +8833,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml index 974e22ff7..af3234739 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/proxies.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Proxy" listKind: "ProxyList" plural: "proxies" @@ -456,6 +458,9 @@ spec: x-kubernetes-int-or-string: true type: "object" type: "array" + tcpStats: + nullable: true + type: "boolean" type: "object" routeOptions: properties: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml index 143ba5ccf..35ad86bdc 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/settings.yaml @@ -7,6 +7,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Settings" listKind: "SettingsList" plural: "settings" diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml index 6db914ab6..153a9d830 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreamgroups.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "UpstreamGroup" listKind: "UpstreamGroupList" plural: "upstreamgroups" @@ -192,6 +194,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -532,6 +542,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -649,6 +667,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -786,6 +812,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -963,6 +997,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1080,6 +1122,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1217,6 +1267,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1386,6 +1444,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1503,6 +1569,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1640,6 +1714,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1765,6 +1847,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: @@ -1882,6 +1972,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" xsltTransformation: properties: diff --git a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml index 922e9c8e3..d33912a9e 100644 --- a/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml +++ b/crd-catalog/solo-io/gloo/gloo.solo.io/v1/upstreams.yaml @@ -5,6 +5,8 @@ metadata: spec: group: "gloo.solo.io" names: + categories: + - "gloo-gateway" kind: "Upstream" listKind: "UpstreamList" plural: "upstreams" @@ -742,6 +744,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -1400,6 +1410,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -1766,6 +1784,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" @@ -2081,6 +2107,14 @@ spec: x-kubernetes-int-or-string: true passthrough: type: "object" + spanTransformer: + properties: + name: + properties: + text: + type: "string" + type: "object" + type: "object" type: "object" type: "object" type: "object" diff --git a/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml b/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml index 2894db266..e340565e8 100644 --- a/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml +++ b/crd-catalog/solo-io/gloo/graphql.gloo.solo.io/v1beta1/graphqlapis.yaml @@ -5,6 +5,9 @@ metadata: spec: group: "graphql.gloo.solo.io" names: + categories: + - "solo-io" + - "gloo-gateway" kind: "GraphQLApi" listKind: "GraphQLApiList" plural: "graphqlapis" diff --git a/crd-catalog/stackabletech/druid-operator/druid.stackable.tech/v1alpha1/druidclusters.yaml b/crd-catalog/stackabletech/druid-operator/druid.stackable.tech/v1alpha1/druidclusters.yaml index daf257cde..460e5d442 100644 --- a/crd-catalog/stackabletech/druid-operator/druid.stackable.tech/v1alpha1/druidclusters.yaml +++ b/crd-catalog/stackabletech/druid-operator/druid.stackable.tech/v1alpha1/druidclusters.yaml @@ -153,6 +153,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -366,6 +370,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -980,6 +988,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1193,6 +1205,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1391,6 +1407,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1635,6 +1655,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1909,6 +1933,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -2122,6 +2150,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -2320,6 +2352,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -2533,6 +2569,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/hbase-operator/hbase.stackable.tech/v1alpha1/hbaseclusters.yaml b/crd-catalog/stackabletech/hbase-operator/hbase.stackable.tech/v1alpha1/hbaseclusters.yaml index 36c6ad794..f1764050e 100644 --- a/crd-catalog/stackabletech/hbase-operator/hbase.stackable.tech/v1alpha1/hbaseclusters.yaml +++ b/crd-catalog/stackabletech/hbase-operator/hbase.stackable.tech/v1alpha1/hbaseclusters.yaml @@ -283,6 +283,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -501,6 +505,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -705,6 +713,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -923,6 +935,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1127,6 +1143,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1345,6 +1365,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/hdfs-operator/hdfs.stackable.tech/v1alpha1/hdfsclusters.yaml b/crd-catalog/stackabletech/hdfs-operator/hdfs.stackable.tech/v1alpha1/hdfsclusters.yaml index b6cee9c20..5e8bed463 100644 --- a/crd-catalog/stackabletech/hdfs-operator/hdfs.stackable.tech/v1alpha1/hdfsclusters.yaml +++ b/crd-catalog/stackabletech/hdfs-operator/hdfs.stackable.tech/v1alpha1/hdfsclusters.yaml @@ -257,6 +257,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -529,6 +533,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -828,6 +836,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1087,6 +1099,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1336,6 +1352,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1599,6 +1619,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml b/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml index 05c28c05a..7b0ee0aec 100644 --- a/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml +++ b/crd-catalog/stackabletech/kafka-operator/kafka.stackable.tech/v1alpha1/kafkaclusters.yaml @@ -162,6 +162,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -428,6 +432,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -551,7 +559,7 @@ spec: items: properties: authenticationClass: - description: "The AuthenticationClass to use.\n\n## TLS provider\n\nOnly affects client connections. This setting controls: - If clients need to authenticate themselves against the broker via TLS - Which ca.crt to use when validating the provided client certs\n\nThis will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`." + description: "The AuthenticationClass to use.\n\n## TLS provider\n\nOnly affects client connections. This setting controls: - If clients need to authenticate themselves against the broker via TLS - Which ca.crt to use when validating the provided client certs\n\nThis will override the server TLS settings (if set) in `spec.clusterConfig.tls.serverSecretClass`.\n\n## Kerberos provider\n\nThis affects client connections and also requires TLS for encryption. This setting is used to reference an `AuthenticationClass` and in turn, a `SecretClass` that is used to create keytabs." type: "string" required: - "authenticationClass" diff --git a/crd-catalog/stackabletech/nifi-operator/nifi.stackable.tech/v1alpha1/nificlusters.yaml b/crd-catalog/stackabletech/nifi-operator/nifi.stackable.tech/v1alpha1/nificlusters.yaml index 156337f4f..14520d0cc 100644 --- a/crd-catalog/stackabletech/nifi-operator/nifi.stackable.tech/v1alpha1/nificlusters.yaml +++ b/crd-catalog/stackabletech/nifi-operator/nifi.stackable.tech/v1alpha1/nificlusters.yaml @@ -338,6 +338,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -781,6 +785,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. Please note that this can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkapplications.yaml b/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkapplications.yaml index eacc448fd..a0147edd0 100644 --- a/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkapplications.yaml +++ b/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkapplications.yaml @@ -189,6 +189,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -459,6 +463,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -545,6 +553,10 @@ spec: config: default: {} properties: + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkhistoryservers.yaml b/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkhistoryservers.yaml index b4b0ee64c..a3e97be5a 100644 --- a/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkhistoryservers.yaml +++ b/crd-catalog/stackabletech/spark-k8s-operator/spark.stackable.tech/v1alpha1/sparkhistoryservers.yaml @@ -360,6 +360,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -571,6 +575,10 @@ spec: nullable: true type: "boolean" type: "object" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/trino-operator/trino.stackable.tech/v1alpha1/trinoclusters.yaml b/crd-catalog/stackabletech/trino-operator/trino.stackable.tech/v1alpha1/trinoclusters.yaml index 4444a74ab..c54fbc22e 100644 --- a/crd-catalog/stackabletech/trino-operator/trino.stackable.tech/v1alpha1/trinoclusters.yaml +++ b/crd-catalog/stackabletech/trino-operator/trino.stackable.tech/v1alpha1/trinoclusters.yaml @@ -287,6 +287,10 @@ spec: queryMaxMemoryPerNode: nullable: true type: "string" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -551,6 +555,10 @@ spec: queryMaxMemoryPerNode: nullable: true type: "string" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -846,6 +854,10 @@ spec: queryMaxMemoryPerNode: nullable: true type: "string" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -1110,6 +1122,10 @@ spec: queryMaxMemoryPerNode: nullable: true type: "string" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/stackabletech/zookeeper-operator/zookeeper.stackable.tech/v1alpha1/zookeeperclusters.yaml b/crd-catalog/stackabletech/zookeeper-operator/zookeeper.stackable.tech/v1alpha1/zookeeperclusters.yaml index 9851ec9bb..6d932bfa3 100644 --- a/crd-catalog/stackabletech/zookeeper-operator/zookeeper.stackable.tech/v1alpha1/zookeeperclusters.yaml +++ b/crd-catalog/stackabletech/zookeeper-operator/zookeeper.stackable.tech/v1alpha1/zookeeperclusters.yaml @@ -274,6 +274,10 @@ spec: minimum: 0.0 nullable: true type: "integer" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: @@ -552,6 +556,10 @@ spec: minimum: 0.0 nullable: true type: "integer" + requestedSecretLifetime: + description: "Request secret (currently only autoTls certificates) lifetime from the secret operator, e.g. `7d`, or `30d`. This can be shortened by the `maxCertificateLifetime` setting on the SecretClass issuing the TLS certificate." + nullable: true + type: "string" resources: default: cpu: diff --git a/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml b/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml index 840adaf64..8474ee771 100644 --- a/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml +++ b/crd-catalog/tigera/operator/operator.tigera.io/v1/installations.yaml @@ -29,6 +29,17 @@ spec: spec: description: "Specification of the desired state for the Calico or Calico Enterprise installation." properties: + azure: + description: "Azure is used to configure azure provider specific options." + properties: + policyMode: + default: "Default" + description: "PolicyMode determines whether the \"control-plane\" label is applied to namespaces. It offers two options: Default and Manual.\nThe Default option adds the \"control-plane\" label to the required namespaces.\nThe Manual option does not apply the \"control-plane\" label to any namespace.\nDefault: Default" + enum: + - "Default" + - "Manual" + type: "string" + type: "object" calicoKubeControllersDeployment: description: "CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in\nconjunction with the deprecated ComponentResources, then these overrides take precedence." properties: @@ -4991,6 +5002,17 @@ spec: computed: description: "Computed is the final installation including overlaid resources." properties: + azure: + description: "Azure is used to configure azure provider specific options." + properties: + policyMode: + default: "Default" + description: "PolicyMode determines whether the \"control-plane\" label is applied to namespaces. It offers two options: Default and Manual.\nThe Default option adds the \"control-plane\" label to the required namespaces.\nThe Manual option does not apply the \"control-plane\" label to any namespace.\nDefault: Default" + enum: + - "Default" + - "Manual" + type: "string" + type: "object" calicoKubeControllersDeployment: description: "CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in\nconjunction with the deprecated ComponentResources, then these overrides take precedence." properties: diff --git a/crd-catalog/tigera/operator/operator.tigera.io/v1/logstorages.yaml b/crd-catalog/tigera/operator/operator.tigera.io/v1/logstorages.yaml index 7716daea8..8d119d0d5 100644 --- a/crd-catalog/tigera/operator/operator.tigera.io/v1/logstorages.yaml +++ b/crd-catalog/tigera/operator/operator.tigera.io/v1/logstorages.yaml @@ -320,6 +320,124 @@ spec: type: "object" type: "object" type: "object" + esGatewayDeployment: + description: "ESGatewayDeployment configures the es-gateway Deployment." + properties: + spec: + description: "Spec is the specification of the es-gateway Deployment." + properties: + template: + description: "Template describes the es-gateway Deployment pod that will be created." + properties: + spec: + description: "Spec is the es-gateway Deployment's PodSpec." + properties: + containers: + description: "Containers is a list of es-gateway containers.\nIf specified, this overrides the specified es-gateway Deployment containers.\nIf omitted, the es-gateway Deployment will use its default values for its containers." + items: + description: "ESGatewayDeploymentContainer is a es-gateway Deployment container." + properties: + name: + description: "Name is an enum which identifies the es-gateway Deployment container by name.\nSupported values are: tigera-secure-es-gateway" + enum: + - "tigera-secure-es-gateway" + type: "string" + resources: + description: "Resources allows customization of limits and requests for compute resources such as cpu and memory.\nIf specified, this overrides the named es-gateway Deployment container's resources.\nIf omitted, the es-gateway Deployment will use its default value for this container's resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + required: + - "name" + type: "object" + type: "array" + initContainers: + description: "InitContainers is a list of es-gateway init containers.\nIf specified, this overrides the specified es-gateway Deployment init containers.\nIf omitted, the es-gateway Deployment will use its default values for its init containers." + items: + description: "ESGatewayDeploymentInitContainer is a es-gateway Deployment init container." + properties: + name: + description: "Name is an enum which identifies the es-gateway Deployment init container by name.\nSupported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner" + enum: + - "tigera-secure-elasticsearch-cert-key-cert-provisioner" + type: "string" + resources: + description: "Resources allows customization of limits and requests for compute resources such as cpu and memory.\nIf specified, this overrides the named es-gateway Deployment init container's resources.\nIf omitted, the es-gateway Deployment will use its default value for this init container's resources." + properties: + claims: + description: "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\nThis field is immutable. It can only be set for containers." + items: + description: "ResourceClaim references one entry in PodSpec.ResourceClaims." + properties: + name: + description: "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container." + type: "string" + required: + - "name" + type: "object" + type: "array" + x-kubernetes-list-map-keys: + - "name" + x-kubernetes-list-type: "map" + limits: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + requests: + additionalProperties: + anyOf: + - type: "integer" + - type: "string" + pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$" + x-kubernetes-int-or-string: true + description: "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/" + type: "object" + type: "object" + required: + - "name" + type: "object" + type: "array" + type: "object" + type: "object" + type: "object" + type: "object" indices: description: "Index defines the configuration for the indices in the Elasticsearch cluster." properties: diff --git a/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachines.yaml b/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachines.yaml index eff3d3b8c..4be8c8951 100644 --- a/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachines.yaml +++ b/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachines.yaml @@ -56,14 +56,14 @@ spec: description: "BootOptions are options that control the booting of Hardware." properties: bootMode: - description: "BootMode is the type of booting that will be done." + description: "BootMode is the type of booting that will be done.\nMust be one of \"none\", \"netboot\", or \"iso\"." enum: - "none" - "netboot" - "iso" type: "string" isoURL: - description: "ISOURL is the URL of the ISO that will be one-time booted.\nWhen this field is set, the controller will create a job.bmc.tinkerbell.org object\nfor getting the associated hardware into a CDROM booting state.\nA HardwareRef that contains a spec.BmcRef must be provided." + description: "ISOURL is the URL of the ISO that will be one-time booted.\nWhen this field is set, the controller will create a job.bmc.tinkerbell.org object\nfor getting the associated hardware into a CDROM booting state.\nA HardwareRef that contains a spec.BmcRef must be provided.\n\nThe format of the ISOURL must be http://$IP:$Port/iso/:macAddress/hook.iso\nThe name of the ISO file must have the .iso extension, but the name can be anything.\nThe $IP and $Port should generally point to the IP and Port of the Smee server\nas this is where the ISO patching endpoint lives.\nThe \":macAddress\" is a placeholder for the MAC address of the hardware and\nshould be provided exactly as is: \":macAddress\"." format: "url" type: "string" type: "object" diff --git a/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachinetemplates.yaml b/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachinetemplates.yaml index 1eecb48a6..853502edb 100644 --- a/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachinetemplates.yaml +++ b/crd-catalog/tinkerbell/cluster-api-provider-tinkerbell/infrastructure.cluster.x-k8s.io/v1beta1/tinkerbellmachinetemplates.yaml @@ -41,14 +41,14 @@ spec: description: "BootOptions are options that control the booting of Hardware." properties: bootMode: - description: "BootMode is the type of booting that will be done." + description: "BootMode is the type of booting that will be done.\nMust be one of \"none\", \"netboot\", or \"iso\"." enum: - "none" - "netboot" - "iso" type: "string" isoURL: - description: "ISOURL is the URL of the ISO that will be one-time booted.\nWhen this field is set, the controller will create a job.bmc.tinkerbell.org object\nfor getting the associated hardware into a CDROM booting state.\nA HardwareRef that contains a spec.BmcRef must be provided." + description: "ISOURL is the URL of the ISO that will be one-time booted.\nWhen this field is set, the controller will create a job.bmc.tinkerbell.org object\nfor getting the associated hardware into a CDROM booting state.\nA HardwareRef that contains a spec.BmcRef must be provided.\n\nThe format of the ISOURL must be http://$IP:$Port/iso/:macAddress/hook.iso\nThe name of the ISO file must have the .iso extension, but the name can be anything.\nThe $IP and $Port should generally point to the IP and Port of the Smee server\nas this is where the ISO patching endpoint lives.\nThe \":macAddress\" is a placeholder for the MAC address of the hardware and\nshould be provided exactly as is: \":macAddress\"." format: "url" type: "string" type: "object" diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs index 88862db40..a439bec6e 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1/redisenterpriseclusters.rs @@ -435,6 +435,9 @@ pub struct RedisEnterpriseClusterLdap { /// The maximum TTL of cached entries. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cacheTTLSeconds")] pub cache_ttl_seconds: Option, + /// The connection timeout to the LDAP server when authenticating a user, in seconds + #[serde(default, skip_serializing_if = "Option::is_none", rename = "directoryTimeoutSeconds")] + pub directory_timeout_seconds: Option, /// Whether to enable LDAP for control plane access. Disabled by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForControlPlane")] pub enabled_for_control_plane: Option, @@ -6753,6 +6756,9 @@ pub struct RedisEnterpriseClusterStatus { /// Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) #[serde(default, skip_serializing_if = "Option::is_none", rename = "bundledDatabaseVersions")] pub bundled_database_versions: Option>, + /// Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificatesStatus")] + pub certificates_status: Option, /// The ingressOrRouteSpec/ActiveActive spec method that exist #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressOrRouteMethodStatus")] pub ingress_or_route_method_status: Option, @@ -6786,6 +6792,17 @@ pub struct RedisEnterpriseClusterStatusBundledDatabaseVersions { pub version: String, } +/// Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RedisEnterpriseClusterStatusCertificatesStatus { + /// Generation stores the version of the cluster's Proxy and Syncer certificate secrets. In Active-Active databases, when a user updates the proxy or syncer certificate, a crdb-update command needs to be triggered to avoid potential sync issues. This helps the REAADB controller detect a change in a certificate and trigger a crdb-update. The version of the cluster's Proxy certificate secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub generation: Option, + /// The status of the cluster's certificates update + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStatus")] + pub update_status: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseClusterStatusLicenseStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "activationDate")] diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs index f636d5fd2..9adc09a95 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseactiveactivedatabases.rs @@ -35,7 +35,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurations { /// Connection/ association to the Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeActive")] pub active_active: Option, - /// Settings for database alerts + /// Settings for database alerts. Note - Alert settings are not supported for Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertSettings")] pub alert_settings: Option, /// Target for automatic database backups. @@ -86,7 +86,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurations { /// Connection to Redis Enterprise Cluster #[serde(default, skip_serializing_if = "Option::is_none", rename = "redisEnterpriseCluster")] pub redis_enterprise_cluster: Option, - /// Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis' + /// Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database. #[serde(default, skip_serializing_if = "Option::is_none", rename = "redisVersion")] pub redis_version: Option, /// What databases to replicate from @@ -134,7 +134,7 @@ pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurationsActiveActive { pub participating_cluster_name: String, } -/// Settings for database alerts +/// Settings for database alerts. Note - Alert settings are not supported for Active-Active database. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseActiveActiveDatabaseGlobalConfigurationsAlertSettings { /// Periodic backup has been delayed for longer than specified threshold value [minutes] @@ -524,6 +524,9 @@ pub struct RedisEnterpriseActiveActiveDatabaseRedisEnterpriseCluster { /// RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseActiveActiveDatabaseStatus { + /// Versions of the cluster's Proxy and Syncer certificates. In Active-Active databases, these are used to detect updates to the certificates, and trigger synchronization across the participating clusters. . + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterCertificatesGeneration")] + pub cluster_certificates_generation: Option, /// The active-active database corresponding GUID. #[serde(default, skip_serializing_if = "Option::is_none")] pub guid: Option, diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs index 806803c7d..a6b6b3a04 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseclusters.rs @@ -336,6 +336,8 @@ pub struct RedisEnterpriseClusterLdap { pub ca_certificate_secret_name: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "cacheTTLSeconds")] pub cache_ttl_seconds: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "directoryTimeoutSeconds")] + pub directory_timeout_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForControlPlane")] pub enabled_for_control_plane: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "enabledForDataPlane")] @@ -6543,6 +6545,8 @@ pub struct RedisEnterpriseClusterVolumesVsphereVolume { pub struct RedisEnterpriseClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "bundledDatabaseVersions")] pub bundled_database_versions: Option>, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificatesStatus")] + pub certificates_status: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "ingressOrRouteMethodStatus")] pub ingress_or_route_method_status: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "licenseStatus")] @@ -6572,6 +6576,14 @@ pub struct RedisEnterpriseClusterStatusBundledDatabaseVersions { pub version: String, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RedisEnterpriseClusterStatusCertificatesStatus { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub generation: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "updateStatus")] + pub update_status: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseClusterStatusLicenseStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "activationDate")] diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs index 21d6c805f..0733cb8f1 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterprisedatabases.rs @@ -55,7 +55,7 @@ pub struct RedisEnterpriseDatabaseSpec { /// memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB. #[serde(default, skip_serializing_if = "Option::is_none", rename = "memorySize")] pub memory_size: Option, - /// List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. + /// List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. Note - if you do not want to upgrade to the latest version you must set upgradeSpec -> upgradeModulesToLatest to false. if you specify a version and do not set the upgradeModulesToLatest it can result errors in the operator. in addition, the option to specify specific version is Deprecated and will be deleted in next releases. #[serde(default, skip_serializing_if = "Option::is_none", rename = "modulesList")] pub modules_list: Option>, /// OSS Cluster mode option. Note that not all client libraries support OSS cluster mode. @@ -387,7 +387,7 @@ pub struct RedisEnterpriseDatabaseModulesList { pub config: Option, /// The module's name e.g "ft" for redissearch pub name: String, - /// Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB + /// DEPRECATED - Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB #[serde(default, skip_serializing_if = "Option::is_none")] pub version: Option, } @@ -482,7 +482,7 @@ pub enum RedisEnterpriseDatabaseType { /// Specifications for DB upgrade. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseDatabaseUpgradeSpec { - /// Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifing the version. in addition, This field is currently not supported for Active-Active databases. + /// DEPRECATED Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifying the version. in addition, This field is currently not supported for Active-Active databases. The default is true #[serde(rename = "upgradeModulesToLatest")] pub upgrade_modules_to_latest: bool, } diff --git a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs index 1c087b4d5..de51ce25e 100644 --- a/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs +++ b/kube-custom-resources-rs/src/app_redislabs_com/v1alpha1/redisenterpriseremoteclusters.rs @@ -20,6 +20,9 @@ pub struct RedisEnterpriseRemoteClusterSpec { /// The URL of the cluster, will be used for the active-active database URL. #[serde(rename = "apiFqdnUrl")] pub api_fqdn_url: String, + /// The port number of the cluster's URL used for connectivity/sync + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiPort")] + pub api_port: Option, /// The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dbFqdnSuffix")] pub db_fqdn_suffix: Option, @@ -36,6 +39,9 @@ pub struct RedisEnterpriseRemoteClusterSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct RedisEnterpriseRemoteClusterStatus { + /// The observed secret resource version. Used for internal purposes only. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "internalObservedSecretResourceVersion")] + pub internal_observed_secret_resource_version: Option, /// Indicates whether this object represents a local or a remote cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub local: Option, diff --git a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/agentpools.rs b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/agentpools.rs index 89907340e..0b375486b 100644 --- a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/agentpools.rs +++ b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/agentpools.rs @@ -152,9 +152,11 @@ pub struct AgentPoolAgentDeploymentSpec { /// More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - /// the scheduler simply schedules this pod onto that node, assuming that it fits resource - /// requirements. + /// NodeName indicates in which node this pod is scheduled. + /// If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. + /// Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. + /// This field should not be used to express a desire for the pod to be scheduled on a specific node. + /// https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, /// NodeSelector is a selector which must be true for the pod to fit on a node. @@ -165,11 +167,9 @@ pub struct AgentPoolAgentDeploymentSpec { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// - /// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// - /// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -184,6 +184,7 @@ pub struct AgentPoolAgentDeploymentSpec { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups + /// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -236,11 +237,9 @@ pub struct AgentPoolAgentDeploymentSpec { /// will be made available to those containers which consume them /// by name. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaims")] pub resource_claims: Option>, @@ -265,7 +264,6 @@ pub struct AgentPoolAgentDeploymentSpec { /// If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the /// scheduler will not attempt to schedule the pod. /// - /// /// SchedulingGates can only be set at pod creation time, and be removed only afterwards. #[serde(default, skip_serializing_if = "Option::is_none", rename = "schedulingGates")] pub scheduling_gates: Option>, @@ -529,7 +527,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -540,7 +538,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAffinityPreferredDuringSchedul /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -650,7 +648,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -661,7 +659,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAffinityRequiredDuringScheduli /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -802,7 +800,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAntiAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -813,7 +811,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAntiAffinityPreferredDuringSch /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -923,7 +921,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAntiAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -934,7 +932,7 @@ pub struct AgentPoolAgentDeploymentSpecAffinityPodAntiAffinityRequiredDuringSche /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1240,9 +1238,7 @@ pub struct AgentPoolAgentDeploymentSpecContainersEnvValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1285,9 +1281,7 @@ pub struct AgentPoolAgentDeploymentSpecContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1316,9 +1310,7 @@ pub struct AgentPoolAgentDeploymentSpecContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -1333,9 +1325,7 @@ pub struct AgentPoolAgentDeploymentSpecContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -1620,7 +1610,6 @@ pub struct AgentPoolAgentDeploymentSpecContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1771,7 +1760,6 @@ pub struct AgentPoolAgentDeploymentSpecContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1843,11 +1831,9 @@ pub struct AgentPoolAgentDeploymentSpecContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1870,6 +1856,11 @@ pub struct AgentPoolAgentDeploymentSpecContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -1903,7 +1894,7 @@ pub struct AgentPoolAgentDeploymentSpecContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -2026,7 +2017,6 @@ pub struct AgentPoolAgentDeploymentSpecContainersSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -2138,7 +2128,6 @@ pub struct AgentPoolAgentDeploymentSpecContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2223,10 +2212,8 @@ pub struct AgentPoolAgentDeploymentSpecContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -2234,11 +2221,9 @@ pub struct AgentPoolAgentDeploymentSpecContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -2293,7 +2278,6 @@ pub struct AgentPoolAgentDeploymentSpecDnsConfigOptions { /// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the /// Pod to exceed its resource allocation. /// -/// /// To add an ephemeral container, use the ephemeralcontainers subresource of an existing /// Pod. Ephemeral containers may not be removed or restarted. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -2394,7 +2378,6 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainers { /// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. /// If not set then the ephemeral container uses the namespaces configured in the Pod spec. /// - /// /// The container runtime must implement support for this feature. If the runtime does not /// support namespace targeting then the result of setting this field is undefined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetContainerName")] @@ -2485,9 +2468,7 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersEnvValueFromConfigMapK /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2530,9 +2511,7 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersEnvValueFromSecretKeyR /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2561,9 +2540,7 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -2578,9 +2555,7 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -2861,7 +2836,6 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3009,7 +2983,6 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3080,11 +3053,9 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3107,6 +3078,11 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Optional: SecurityContext defines the security options the ephemeral container should be run with. @@ -3139,7 +3115,7 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -3262,7 +3238,6 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersSecurityContextSeccomp /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -3368,7 +3343,6 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3453,10 +3427,8 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -3464,11 +3436,9 @@ pub struct AgentPoolAgentDeploymentSpecEphemeralContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -3503,9 +3473,7 @@ pub struct AgentPoolAgentDeploymentSpecImagePullSecrets { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -3726,9 +3694,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersEnvValueFromConfigMapKeyRef /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -3771,9 +3737,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersEnvValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -3802,9 +3766,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersEnvFromConfigMapRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap must be defined @@ -3819,9 +3781,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersEnvFromSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret must be defined @@ -4106,7 +4066,6 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4257,7 +4216,6 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4329,11 +4287,9 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersResources { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4356,6 +4312,11 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersResourcesClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// SecurityContext defines the security options the container should be run with. @@ -4389,7 +4350,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersSecurityContext { #[serde(default, skip_serializing_if = "Option::is_none")] pub privileged: Option, /// procMount denotes the type of proc mount to use for the containers. - /// The default is DefaultProcMount which uses the container runtime defaults for + /// The default value is Default which uses the container runtime defaults for /// readonly paths and masked paths. /// This requires the ProcMountType feature flag to be enabled. /// Note that this field cannot be set when spec.os.name is windows. @@ -4512,7 +4473,6 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersSecurityContextSeccompProfi /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -4624,7 +4584,6 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersStartupProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4709,10 +4668,8 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersVolumeMounts { /// RecursiveReadOnly specifies whether read-only mounts should be handled /// recursively. /// - /// /// If ReadOnly is false, this field has no meaning and must be unspecified. /// - /// /// If ReadOnly is true, and this field is set to Disabled, the mount is not made /// recursively read-only. If this field is set to IfPossible, the mount is made /// recursively read-only, if it is supported by the container runtime. If this @@ -4720,11 +4677,9 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersVolumeMounts { /// supported by the container runtime, otherwise the pod will not be started and /// an error will be generated to indicate the reason. /// - /// /// If this field is set to IfPossible or Enabled, MountPropagation must be set to /// None (or be unspecified, which defaults to None). /// - /// /// If this field is not specified, it is treated as an equivalent of Disabled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "recursiveReadOnly")] pub recursive_read_only: Option, @@ -4743,11 +4698,9 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersVolumeMounts { /// Specifies the OS of the containers in the pod. /// Some pod and container fields are restricted if this is set. /// -/// /// If the OS field is set to linux, the following fields must be unset: /// -securityContext.windowsOptions /// -/// /// If the OS field is set to windows, following fields must be unset: /// - spec.hostPID /// - spec.hostIPC @@ -4762,6 +4715,7 @@ pub struct AgentPoolAgentDeploymentSpecInitContainersVolumeMounts { /// - spec.securityContext.runAsUser /// - spec.securityContext.runAsGroup /// - spec.securityContext.supplementalGroups +/// - spec.securityContext.supplementalGroupsPolicy /// - spec.containers[*].securityContext.appArmorProfile /// - spec.containers[*].securityContext.seLinuxOptions /// - spec.containers[*].securityContext.seccompProfile @@ -4789,7 +4743,10 @@ pub struct AgentPoolAgentDeploymentSpecReadinessGates { pub condition_type: String, } -/// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +/// PodResourceClaim references exactly one ResourceClaim, either directly +/// or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim +/// for the pod. +/// /// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. /// Containers that need access to the ResourceClaim reference it with this name. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4797,32 +4754,28 @@ pub struct AgentPoolAgentDeploymentSpecResourceClaims { /// Name uniquely identifies this resource claim inside the pod. /// This must be a DNS_LABEL. pub name: String, - /// Source describes where to find the ResourceClaim. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source: Option, -} - -/// Source describes where to find the ResourceClaim. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct AgentPoolAgentDeploymentSpecResourceClaimsSource { /// ResourceClaimName is the name of a ResourceClaim object in the same /// namespace as this pod. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimName")] pub resource_claim_name: Option, /// ResourceClaimTemplateName is the name of a ResourceClaimTemplate /// object in the same namespace as this pod. /// - /// /// The template will be used to create a new ResourceClaim, which will /// be bound to this pod. When this pod is deleted, the ResourceClaim /// will also be deleted. The pod name and resource name, along with a /// generated component, will be used to form a unique name for the /// ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. /// - /// /// This field is immutable and no changes will be made to the /// corresponding ResourceClaim by the control plane after creating the /// ResourceClaim. + /// + /// Exactly one of ResourceClaimName and ResourceClaimTemplateName must + /// be set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceClaimTemplateName")] pub resource_claim_template_name: Option, } @@ -4847,12 +4800,10 @@ pub struct AgentPoolAgentDeploymentSpecSecurityContext { /// Some volume types allow the Kubelet to change the ownership of that volume /// to be owned by the pod: /// - /// /// 1. The owning GID will be the FSGroup /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) /// 3. The permission bits are OR'd with rw-rw---- /// - /// /// If unset, the Kubelet will not modify the ownership and permissions of any volume. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] @@ -4902,15 +4853,24 @@ pub struct AgentPoolAgentDeploymentSpecSecurityContext { /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] pub seccomp_profile: Option, - /// A list of groups applied to the first process run in each container, in addition - /// to the container's primary GID, the fsGroup (if specified), and group memberships - /// defined in the container image for the uid of the container process. If unspecified, - /// no additional groups are added to any container. Note that group memberships - /// defined in the container image for the uid of the container process are still effective, - /// even if they are not included in this list. + /// A list of groups applied to the first process run in each container, in + /// addition to the container's primary GID and fsGroup (if specified). If + /// the SupplementalGroupsPolicy feature is enabled, the + /// supplementalGroupsPolicy field determines whether these are in addition + /// to or instead of any group memberships defined in the container image. + /// If unspecified, no additional groups are added, though group memberships + /// defined in the container image may still be used, depending on the + /// supplementalGroupsPolicy field. /// Note that this field cannot be set when spec.os.name is windows. #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] pub supplemental_groups: Option>, + /// Defines how supplemental groups of the first container processes are calculated. + /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used. + /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled + /// and the container runtime must implement support for this feature. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroupsPolicy")] + pub supplemental_groups_policy: Option, /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported /// sysctls (by the container runtime) might fail to launch. /// Note that this field cannot be set when spec.os.name is windows. @@ -4978,7 +4938,6 @@ pub struct AgentPoolAgentDeploymentSpecSecurityContextSeccompProfile { /// type indicates which kind of seccomp profile will be applied. /// Valid options are: /// - /// /// Localhost - a profile defined in a file on the node should be used. /// RuntimeDefault - the container runtime default profile should be used. /// Unconfined - no profile should be applied. @@ -5070,7 +5029,6 @@ pub struct AgentPoolAgentDeploymentSpecTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -5104,7 +5062,6 @@ pub struct AgentPoolAgentDeploymentSpecTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -5120,7 +5077,6 @@ pub struct AgentPoolAgentDeploymentSpecTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -5131,7 +5087,6 @@ pub struct AgentPoolAgentDeploymentSpecTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5240,7 +5195,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumes { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// - /// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5251,17 +5205,14 @@ pub struct AgentPoolAgentDeploymentSpecVolumes { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// - /// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// - /// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// - /// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -5296,11 +5247,24 @@ pub struct AgentPoolAgentDeploymentSpecVolumes { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - /// --- - /// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - /// mount host directories as read/write. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPath")] pub host_path: Option, + /// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. + /// The volume is resolved at pod startup depending on which PullPolicy value is provided: + /// + /// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// + /// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. + /// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. + /// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. + /// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. + /// The volume will be mounted read-only (ro) and non-executable files (noexec). + /// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). + /// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -5359,7 +5323,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesAwsElasticBlockStore { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -5455,9 +5418,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesCephfsSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5495,9 +5456,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesCinderSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5527,9 +5486,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -5596,9 +5553,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesCsiNodePublishSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -5692,7 +5647,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEmptyDir { /// The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, /// and deleted when the pod is removed. /// -/// /// Use this if: /// a) the volume is only needed while the pod runs, /// b) features of normal volumes like restoring from snapshot or capacity @@ -5703,17 +5657,14 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEmptyDir { /// information on the connection between this volume type /// and PersistentVolumeClaim). /// -/// /// Use PersistentVolumeClaim or one of the vendor-specific /// APIs for volumes that persist for longer than the lifecycle /// of an individual pod. /// -/// /// Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to /// be used that way - see the documentation of the driver for /// more information. /// -/// /// A pod can use both types of ephemeral volumes and /// persistent volumes at the same time. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5726,7 +5677,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// - /// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5736,11 +5686,9 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// - /// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// - /// /// Required, must not be nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeClaimTemplate")] pub volume_claim_template: Option, @@ -5754,7 +5702,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEphemeral { /// entry. Pod validation will reject the pod if the concatenated name /// is not valid for a PVC (for example, too long). /// -/// /// An existing PVC with that name that is not owned by the pod /// will *not* be used for the pod to avoid using an unrelated /// volume by mistake. Starting the pod is then blocked until @@ -5764,11 +5711,9 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEphemeral { /// this should not be necessary, but it may be useful when /// manually reconstructing a broken cluster. /// -/// /// This field is read-only and no changes will be made by Kubernetes /// to the PVC after it has been created. /// -/// /// Required, must not be nil. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentPoolAgentDeploymentSpecVolumesEphemeralVolumeClaimTemplate { @@ -5861,7 +5806,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesEphemeralVolumeClaimTemplateSpec { /// set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource /// exists. /// More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ - /// (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + /// (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeAttributesClassName")] pub volume_attributes_class_name: Option, /// volumeMode defines what type of volume is required by the claim. @@ -5990,7 +5935,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesFc { /// fsType is the filesystem type to mount. /// Must be a filesystem type supported by the host operating system. /// Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// lun is Optional: FC target lun number @@ -6047,9 +5991,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesFlexVolumeSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6075,7 +6017,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesGcePersistentDisk { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// partition is the partition in the volume that you want to mount. @@ -6137,9 +6078,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesGlusterfs { /// used for system agents or other privileged things that are allowed /// to see the host machine. Most containers will NOT need this. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath -/// --- -/// TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -/// mount host directories as read/write. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentPoolAgentDeploymentSpecVolumesHostPath { /// path of the directory on the host. @@ -6153,6 +6091,39 @@ pub struct AgentPoolAgentDeploymentSpecVolumesHostPath { pub r#type: Option, } +/// image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. +/// The volume is resolved at pod startup depending on which PullPolicy value is provided: +/// +/// - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. +/// - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. +/// - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. +/// +/// The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. +/// A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. +/// The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. +/// The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. +/// The volume will be mounted read-only (ro) and non-executable files (noexec). +/// Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath). +/// The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AgentPoolAgentDeploymentSpecVolumesImage { + /// Policy for pulling OCI objects. Possible values are: + /// Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. + /// Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. + /// IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. + /// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pullPolicy")] + pub pull_policy: Option, + /// Required: Image or artifact reference to be used. + /// Behaves in the same way as pod.spec.containers[*].image. + /// Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. + /// More info: https://kubernetes.io/docs/concepts/containers/images + /// This field is optional to allow higher level config management to default or override + /// container images in workload controllers like Deployments and StatefulSets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub reference: Option, +} + /// iscsi represents an ISCSI Disk resource that is attached to a /// kubelet's host machine and then exposed to the pod. /// More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -6168,7 +6139,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesIscsi { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// initiatorName is the custom iSCSI Initiator Name. @@ -6208,9 +6178,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesIscsiSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6288,25 +6256,24 @@ pub struct AgentPoolAgentDeploymentSpecVolumesProjected { /// mode, like fsGroup, and the result can be other mode bits set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] pub default_mode: Option, - /// sources is the list of volume projections + /// sources is the list of volume projections. Each entry in this list + /// handles one source. #[serde(default, skip_serializing_if = "Option::is_none")] pub sources: Option>, } -/// Projection that may be projected along with other supported volume types +/// Projection that may be projected along with other supported volume types. +/// Exactly one of these fields must be set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AgentPoolAgentDeploymentSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// - /// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// - /// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// - /// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6331,14 +6298,11 @@ pub struct AgentPoolAgentDeploymentSpecVolumesProjectedSources { /// ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field /// of ClusterTrustBundle objects in an auto-updating file. /// -/// /// Alpha, gated by the ClusterTrustBundleProjection feature gate. /// -/// /// ClusterTrustBundle objects can either be selected by name, or by the /// combination of signer name and a label selector. /// -/// /// Kubelet performs aggressive normalization of the PEM contents written /// into the pod filesystem. Esoteric PEM features such as inter-block /// comments and block headers are stripped. Certificates are deduplicated. @@ -6421,9 +6385,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesProjectedSourcesConfigMap { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional specify whether the ConfigMap or its keys must be defined @@ -6522,9 +6484,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesProjectedSourcesSecret { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// optional field specify whether the Secret or its key must be defined @@ -6609,7 +6569,6 @@ pub struct AgentPoolAgentDeploymentSpecVolumesRbd { /// Tip: Ensure that the filesystem type is supported by the host operating system. /// Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. /// More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - /// TODO: how do we prevent errors in the filesystem from compromising the machine #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsType")] pub fs_type: Option, /// image is the rados image name. @@ -6656,9 +6615,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesRbdSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6711,9 +6668,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesScaleIoSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6807,9 +6762,7 @@ pub struct AgentPoolAgentDeploymentSpecVolumesStorageosSecretRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -6917,9 +6870,7 @@ pub struct AgentPoolTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/modules.rs b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/modules.rs index 24630bf41..360349532 100644 --- a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/modules.rs +++ b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/modules.rs @@ -88,9 +88,7 @@ pub struct ModuleTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/workspaces.rs b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/workspaces.rs index 198cec0da..91d222dc6 100644 --- a/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/workspaces.rs +++ b/kube-custom-resources-rs/src/app_terraform_io/v1alpha2/workspaces.rs @@ -216,9 +216,7 @@ pub struct WorkspaceEnvironmentVariablesValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -235,9 +233,7 @@ pub struct WorkspaceEnvironmentVariablesValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -521,9 +517,7 @@ pub struct WorkspaceTerraformVariablesValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -540,9 +534,7 @@ pub struct WorkspaceTerraformVariablesValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -567,9 +559,7 @@ pub struct WorkspaceTokenSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs index 4d6ef745a..458bd3e61 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/clusters.rs @@ -332,7 +332,7 @@ pub struct ClusterComponentSpecs { /// If no version is specified, the latest available version will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + /// Overrides services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, /// Stop the Component. @@ -7724,7 +7724,7 @@ pub struct ClusterShardingsTemplate { /// If no version is specified, the latest available version will be used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides services defined in referenced ComponentDefinition and expose endpoints that can be accessed by clients. + /// Overrides services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, /// Stop the Component. @@ -13668,6 +13668,7 @@ pub enum ClusterStatusComponentsPhase { Deleting, Updating, Stopping, + Starting, Running, Stopped, Failed, @@ -13705,6 +13706,7 @@ pub enum ClusterStatusShardingsPhase { Deleting, Updating, Stopping, + Starting, Running, Stopped, Failed, diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs index bc5e5b656..5f12e2284 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/componentdefinitions.rs @@ -390,6 +390,12 @@ pub struct ComponentDefinitionSpec { /// This field is immutable. #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemAccounts")] pub system_accounts: Option>, + /// Specifies the TLS configuration for the Component. + /// + /// + /// This field is immutable. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tls: Option, /// Specifies the concurrency strategy for updating multiple instances of the Component. /// Available strategies: /// @@ -5441,6 +5447,12 @@ pub struct ComponentDefinitionLifecycleActions { /// that only the necessary data is exported for import into the new replica. /// /// + /// The container executing this action has access to following environment variables: + /// + /// + /// - KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded. + /// + /// /// Note: This field is immutable once it has been set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataDump")] pub data_dump: Option, @@ -6235,6 +6247,12 @@ pub struct ComponentDefinitionLifecycleActionsAvailableProbeRetryPolicy { /// that only the necessary data is exported for import into the new replica. /// /// +/// The container executing this action has access to following environment variables: +/// +/// +/// - KB_TARGET_POD_NAME: The name of the replica pod into which the data will be loaded. +/// +/// /// Note: This field is immutable once it has been set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionLifecycleActionsDataDump { @@ -16462,6 +16480,52 @@ pub struct ComponentDefinitionSystemAccountsSecretRef { pub namespace: String, } +/// Specifies the TLS configuration for the Component. +/// +/// +/// This field is immutable. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionTls { + /// The CA file of the TLS. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "caFile")] + pub ca_file: Option, + /// The certificate file of the TLS. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "certFile")] + pub cert_file: Option, + /// The default permissions for the mounted path. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "defaultMode")] + pub default_mode: Option, + /// The key file of the TLS. + /// + /// + /// This field is immutable once set. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "keyFile")] + pub key_file: Option, + /// Specifies the mount path for the TLS secret to be mounted. + /// Similar to the volume, the controller will mount the created volume to the specified path within containers when the TLS is enabled. + /// + /// + /// This field is immutable once set. + #[serde(rename = "mountPath")] + pub mount_path: String, + /// Specifies the volume name for the TLS secret. + /// The controller will create a volume object with the specified name and add it to the pod when the TLS is enabled. + /// + /// + /// This field is immutable once set. + #[serde(rename = "volumeName")] + pub volume_name: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ComponentDefinitionUpdateStrategy { Serial, @@ -16540,6 +16604,9 @@ pub struct ComponentDefinitionVarsValueFrom { /// Selects a defined var of a Service. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVarRef")] pub service_var_ref: Option, + /// Selects a defined var of the TLS. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsVarRef")] + pub tls_var_ref: Option, } /// Selects a defined var of a Cluster. @@ -17240,6 +17307,88 @@ pub enum ComponentDefinitionVarsValueFromServiceVarRefServiceType { Optional, } +/// Selects a defined var of the TLS. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromTlsVarRef { + /// Specifies the exact name, name prefix, or regular expression pattern for matching the name of the ComponentDefinition + /// custom resource (CR) used by the component that the referent object resident in. + /// + /// + /// If not specified, the component itself will be used. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "compDef")] + pub comp_def: Option, + /// VarOption defines whether a variable is required or optional. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// This option defines the behavior when multiple component objects match the specified @CompDef. + /// If not provided, an error will be raised when handling multiple matches. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "multipleClusterObjectOption")] + pub multiple_cluster_object_option: Option, + /// Name of the referent object. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the object must be defined. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a defined var of the TLS. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromTlsVarRefEnabled { + Required, + Optional, +} + +/// This option defines the behavior when multiple component objects match the specified @CompDef. +/// If not provided, an error will be raised when handling multiple matches. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct ComponentDefinitionVarsValueFromTlsVarRefMultipleClusterObjectOption { + /// Define the options for handling combined variables. + /// Valid only when the strategy is set to "combined". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "combinedOption")] + pub combined_option: Option, + /// Define the strategy for handling multiple cluster objects. + pub strategy: ComponentDefinitionVarsValueFromTlsVarRefMultipleClusterObjectOptionStrategy, +} + +/// Define the options for handling combined variables. +/// Valid only when the strategy is set to "combined". +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromTlsVarRefMultipleClusterObjectOptionCombinedOption { + /// The flatten format, default is: $(comp-name-1):value,$(comp-name-2):value. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "flattenFormat")] + pub flatten_format: Option, + /// If set, the existing variable will be kept, and a new variable will be defined with the specified suffix + /// in pattern: $(var.name)_$(suffix). + /// The new variable will be auto-created and placed behind the existing one. + /// If not set, the existing variable will be reused with the value format defined below. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "newVarSuffix")] + pub new_var_suffix: Option, + /// The format of the value that the operator will use to compose values from multiple components. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFormat")] + pub value_format: Option, +} + +/// The flatten format, default is: $(comp-name-1):value,$(comp-name-2):value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentDefinitionVarsValueFromTlsVarRefMultipleClusterObjectOptionCombinedOptionFlattenFormat { + /// Pair delimiter. + pub delimiter: String, + /// Key-value delimiter. + #[serde(rename = "keyValueDelimiter")] + pub key_value_delimiter: String, +} + +/// This option defines the behavior when multiple component objects match the specified @CompDef. +/// If not provided, an error will be raised when handling multiple matches. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ComponentDefinitionVarsValueFromTlsVarRefMultipleClusterObjectOptionStrategy { + #[serde(rename = "individual")] + Individual, + #[serde(rename = "combined")] + Combined, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentDefinitionVolumes { /// Sets the critical threshold for volume space utilization as a percentage (0-100). diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs index 1480cdef9..e441fe734 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1/components.rs @@ -172,9 +172,12 @@ pub struct ComponentSpec { /// The version should follow the syntax and semantics of the "Semantic Versioning" specification (http://semver.org/). #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceVersion")] pub service_version: Option, - /// Overrides Services defined in referenced ComponentDefinition and exposes endpoints that can be accessed by clients. + /// Overrides Services defined in referenced ComponentDefinition. #[serde(default, skip_serializing_if = "Option::is_none")] pub services: Option>, + /// Specifies the sidecars to be injected into the Component. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sidecars: Option>, /// Stop the Component. /// If set, all the computing resources will be released. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -4629,6 +4632,23 @@ pub struct ComponentServicesSpecSessionAffinityConfigClientIp { pub timeout_seconds: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ComponentSidecars { + /// Name specifies the unique name of the sidecar. + /// + /// + /// The name will be used as the name of the sidecar container in the Pod. + pub name: String, + /// Specifies the exact component definition that the sidecar belongs to. + /// + /// + /// A sidecar will be updated when the owner component definition is updated only. + pub owner: String, + /// Specifies the sidecar definition CR to be used to create the sidecar. + #[serde(rename = "sidecarDef")] + pub sidecar_def: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ComponentSystemAccounts { /// The name of the system account. @@ -6450,6 +6470,7 @@ pub struct ComponentStatus { /// - Failed: A significant number of Pods have failed. /// - Stopping: All Pods are being terminated, with current replica count at zero. /// - Stopped: All associated Pods have been successfully deleted. + /// - Starting: Pods are being started. /// - Deleting: The Component is being deleted. #[serde(default, skip_serializing_if = "Option::is_none")] pub phase: Option, @@ -6462,6 +6483,7 @@ pub enum ComponentStatusPhase { Deleting, Updating, Stopping, + Starting, Running, Stopped, Failed, diff --git a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs index cb80d13e4..9d8e0112d 100644 --- a/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs +++ b/kube-custom-resources-rs/src/apps_kubeblocks_io/v1alpha1/componentdefinitions.rs @@ -1087,7 +1087,7 @@ pub struct ComponentDefinitionLifecycleActionsAccountProvision { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -1497,7 +1497,7 @@ pub struct ComponentDefinitionLifecycleActionsDataDump { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -1906,7 +1906,7 @@ pub struct ComponentDefinitionLifecycleActionsDataLoad { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -2342,7 +2342,7 @@ pub struct ComponentDefinitionLifecycleActionsMemberJoin { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -2778,7 +2778,7 @@ pub struct ComponentDefinitionLifecycleActionsMemberLeave { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -3209,7 +3209,7 @@ pub struct ComponentDefinitionLifecycleActionsPostProvision { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -3647,7 +3647,7 @@ pub struct ComponentDefinitionLifecycleActionsPreTerminate { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -4059,7 +4059,7 @@ pub struct ComponentDefinitionLifecycleActionsReadonly { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -4473,7 +4473,7 @@ pub struct ComponentDefinitionLifecycleActionsReadwrite { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -4871,7 +4871,7 @@ pub struct ComponentDefinitionLifecycleActionsReconfigure { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler @@ -5294,7 +5294,7 @@ pub struct ComponentDefinitionLifecycleActionsRoleProbe { /// Lorry, as a sidecar agent co-located with the database container in the same Pod, /// includes a suite of built-in action implementations that are tailored to different database engines. /// These are known as "builtin" handlers, includes: `mysql`, `redis`, `mongodb`, `etcd`, - /// `postgresql`, `official-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. + /// `postgresql`, `vanilla-postgresql`, `apecloud-postgresql`, `wesql`, `oceanbase`, `polardbx`. /// /// /// If the `builtinHandler` field is specified, it instructs Lorry to utilize its internal built-in action handler diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs index 122d20335..527f8ae24 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/applications.rs @@ -73,6 +73,9 @@ pub struct ApplicationOperationRetryBackoff { /// Sync contains parameters for the operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSync { + /// SelfHealAttemptsCount contains the number of auto-heal attempts + #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoHealAttemptsCount")] + pub auto_heal_attempts_count: Option, /// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] pub dry_run: Option, @@ -207,12 +210,23 @@ pub struct ApplicationOperationSyncSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -267,6 +281,10 @@ pub struct ApplicationOperationSyncSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -288,6 +306,10 @@ pub struct ApplicationOperationSyncSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -472,12 +494,23 @@ pub struct ApplicationOperationSyncSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -532,6 +565,10 @@ pub struct ApplicationOperationSyncSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationOperationSyncSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -553,6 +590,10 @@ pub struct ApplicationOperationSyncSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -846,12 +887,23 @@ pub struct ApplicationSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -906,6 +958,10 @@ pub struct ApplicationSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -927,6 +983,10 @@ pub struct ApplicationSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1111,12 +1171,23 @@ pub struct ApplicationSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1171,6 +1242,10 @@ pub struct ApplicationSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1192,6 +1267,10 @@ pub struct ApplicationSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1549,12 +1628,23 @@ pub struct ApplicationStatusHistorySourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1609,6 +1699,10 @@ pub struct ApplicationStatusHistorySourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1630,6 +1724,10 @@ pub struct ApplicationStatusHistorySourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -1814,12 +1912,23 @@ pub struct ApplicationStatusHistorySourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -1874,6 +1983,10 @@ pub struct ApplicationStatusHistorySourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusHistorySourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -1895,6 +2008,10 @@ pub struct ApplicationStatusHistorySourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2079,6 +2196,9 @@ pub struct ApplicationStatusOperationStateOperationRetryBackoff { /// Sync contains parameters for the operation #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSync { + /// SelfHealAttemptsCount contains the number of auto-heal attempts + #[serde(default, skip_serializing_if = "Option::is_none", rename = "autoHealAttemptsCount")] + pub auto_heal_attempts_count: Option, /// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync #[serde(default, skip_serializing_if = "Option::is_none", rename = "dryRun")] pub dry_run: Option, @@ -2213,12 +2333,23 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceDirectoryJsonnetTla /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2273,6 +2404,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2294,6 +2429,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2478,12 +2617,23 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesDirectoryJsonnetTl /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2538,6 +2688,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateOperationSyncSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2559,6 +2713,10 @@ pub struct ApplicationStatusOperationStateOperationSyncSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -2836,12 +2994,23 @@ pub struct ApplicationStatusOperationStateSyncResultSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -2896,6 +3065,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -2917,6 +3090,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3101,12 +3278,23 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesDirectoryJsonnetTlas /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3161,6 +3349,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusOperationStateSyncResultSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3182,6 +3374,10 @@ pub struct ApplicationStatusOperationStateSyncResultSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3483,12 +3679,23 @@ pub struct ApplicationStatusSyncComparedToSourceDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourceHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3543,6 +3750,10 @@ pub struct ApplicationStatusSyncComparedToSourceHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourceKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3564,6 +3775,10 @@ pub struct ApplicationStatusSyncComparedToSourceKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, @@ -3748,12 +3963,23 @@ pub struct ApplicationStatusSyncComparedToSourcesDirectoryJsonnetTlas { /// Helm holds helm specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourcesHelm { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// FileParameters are file parameters to the helm template #[serde(default, skip_serializing_if = "Option::is_none", rename = "fileParameters")] pub file_parameters: Option>, /// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values #[serde(default, skip_serializing_if = "Option::is_none", rename = "ignoreMissingValueFiles")] pub ignore_missing_value_files: Option, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, + /// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, /// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation #[serde(default, skip_serializing_if = "Option::is_none")] pub parameters: Option>, @@ -3808,6 +4034,10 @@ pub struct ApplicationStatusSyncComparedToSourcesHelmParameters { /// Kustomize holds kustomize specific options #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ApplicationStatusSyncComparedToSourcesKustomize { + /// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default, + /// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersions")] + pub api_versions: Option>, /// CommonAnnotations is a list of additional annotations to add to rendered manifests #[serde(default, skip_serializing_if = "Option::is_none", rename = "commonAnnotations")] pub common_annotations: Option>, @@ -3829,6 +4059,10 @@ pub struct ApplicationStatusSyncComparedToSourcesKustomize { /// Images is a list of Kustomize image override specifications #[serde(default, skip_serializing_if = "Option::is_none")] pub images: Option>, + /// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD + /// uses the Kubernetes version of the target cluster. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubeVersion")] + pub kube_version: Option, /// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelWithoutSelector")] pub label_without_selector: Option, diff --git a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs index b41b0ae02..698f41c35 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1alpha1/appprojects.rs @@ -27,6 +27,9 @@ pub struct AppProjectSpec { /// Description contains optional project description #[serde(default, skip_serializing_if = "Option::is_none")] pub description: Option, + /// DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "destinationServiceAccounts")] + pub destination_service_accounts: Option>, /// Destinations contains list of destinations available for deployment #[serde(default, skip_serializing_if = "Option::is_none")] pub destinations: Option>, @@ -75,6 +78,19 @@ pub struct AppProjectClusterResourceWhitelist { pub kind: String, } +/// ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AppProjectDestinationServiceAccounts { + /// DefaultServiceAccount to be used for impersonation during the sync operation + #[serde(rename = "defaultServiceAccount")] + pub default_service_account: String, + /// Namespace specifies the target namespace for the application's resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Server specifies the URL of the target cluster's Kubernetes control plane API. + pub server: String, +} + /// ApplicationDestination holds information about the application's destination #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppProjectDestinations { diff --git a/kube-custom-resources-rs/src/argoproj_io/v1beta1/argocds.rs b/kube-custom-resources-rs/src/argoproj_io/v1beta1/argocds.rs index 6d0944288..e9ba04126 100644 --- a/kube-custom-resources-rs/src/argoproj_io/v1beta1/argocds.rs +++ b/kube-custom-resources-rs/src/argoproj_io/v1beta1/argocds.rs @@ -2087,6 +2087,9 @@ pub struct ArgoCDController { /// Resources defines the Compute Resources required by the container for the Application Controller. #[serde(default, skip_serializing_if = "Option::is_none")] pub resources: Option, + /// RespectRBAC restricts controller from discovering/syncing specific resources, Defaults is empty if not configured. Valid options are strict and normal. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "respectRBAC")] + pub respect_rbac: Option, /// Sharding contains the options for the Application Controller sharding configuration. #[serde(default, skip_serializing_if = "Option::is_none")] pub sharding: Option, diff --git a/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs b/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs index 55f4b7582..1efde5cf4 100644 --- a/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs +++ b/kube-custom-resources-rs/src/autoscaling_karmada_io/v1alpha1/cronfederatedhpas.rs @@ -39,7 +39,6 @@ pub struct CronFederatedHPARules { /// Name of the rule. /// Each rule in a CronFederatedHPA must have a unique name. /// - /// /// Note: the name will be used as an identifier to record its execution /// history. Changing the name will be considered as deleting the old rule /// and adding a new rule, that means the original execution history will be diff --git a/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs b/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs index 721a458cc..729e7ba0c 100644 --- a/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs +++ b/kube-custom-resources-rs/src/camel_apache_org/v1/builds.rs @@ -113,7 +113,7 @@ pub enum BuildConfigurationStrategy { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BuildTasks { /// a BuildahTask, for Buildah strategy - /// Deprecated: use jib, s2i or a custom publishing strategy instead + /// Deprecated: use jib or a custom publishing strategy instead #[serde(default, skip_serializing_if = "Option::is_none")] pub buildah: Option, /// a BuilderTask, used to generate and build the project @@ -126,7 +126,7 @@ pub struct BuildTasks { #[serde(default, skip_serializing_if = "Option::is_none")] pub jib: Option, /// a KanikoTask, for Kaniko strategy - /// Deprecated: use jib, s2i or a custom publishing strategy instead + /// Deprecated: use jib or a custom publishing strategy instead #[serde(default, skip_serializing_if = "Option::is_none")] pub kaniko: Option, /// Application pre publishing @@ -134,16 +134,17 @@ pub struct BuildTasks { #[serde(default, skip_serializing_if = "Option::is_none")] pub package: Option, /// a S2iTask, for S2I strategy + /// Deprecated: use jib or a custom publishing strategy instead #[serde(default, skip_serializing_if = "Option::is_none")] pub s2i: Option, /// a SpectrumTask, for Spectrum strategy - /// Deprecated: use jib, s2i or a custom publishing strategy instead + /// Deprecated: use jib or a custom publishing strategy instead #[serde(default, skip_serializing_if = "Option::is_none")] pub spectrum: Option, } /// a BuildahTask, for Buildah strategy -/// Deprecated: use jib, s2i or a custom publishing strategy instead +/// Deprecated: use jib or a custom publishing strategy instead #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BuildTasksBuildah { /// base image layer @@ -395,8 +396,12 @@ pub struct BuildTasksBuilderMavenCaSecrets { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -441,8 +446,12 @@ pub struct BuildTasksBuilderMavenProfilesConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -456,8 +465,12 @@ pub struct BuildTasksBuilderMavenProfilesSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -547,8 +560,12 @@ pub struct BuildTasksBuilderMavenSettingsConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -562,8 +579,12 @@ pub struct BuildTasksBuilderMavenSettingsSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -589,8 +610,12 @@ pub struct BuildTasksBuilderMavenSettingsSecurityConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -604,8 +629,12 @@ pub struct BuildTasksBuilderMavenSettingsSecuritySecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -943,7 +972,7 @@ pub struct BuildTasksJibRegistry { } /// a KanikoTask, for Kaniko strategy -/// Deprecated: use jib, s2i or a custom publishing strategy instead +/// Deprecated: use jib or a custom publishing strategy instead #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BuildTasksKaniko { /// base image layer @@ -1207,8 +1236,12 @@ pub struct BuildTasksPackageMavenCaSecrets { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1253,8 +1286,12 @@ pub struct BuildTasksPackageMavenProfilesConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1268,8 +1305,12 @@ pub struct BuildTasksPackageMavenProfilesSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1359,8 +1400,12 @@ pub struct BuildTasksPackageMavenSettingsConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1374,8 +1419,12 @@ pub struct BuildTasksPackageMavenSettingsSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1401,8 +1450,12 @@ pub struct BuildTasksPackageMavenSettingsSecurityConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1416,8 +1469,12 @@ pub struct BuildTasksPackageMavenSettingsSecuritySecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1569,6 +1626,7 @@ pub struct BuildTasksPackageSources { } /// a S2iTask, for S2I strategy +/// Deprecated: use jib or a custom publishing strategy instead #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BuildTasksS2i { /// base image layer @@ -1673,7 +1731,7 @@ pub struct BuildTasksS2iRegistry { } /// a SpectrumTask, for Spectrum strategy -/// Deprecated: use jib, s2i or a custom publishing strategy instead +/// Deprecated: use jib or a custom publishing strategy instead #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BuildTasksSpectrum { /// base image layer diff --git a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs index ee5584c1e..7a53a9c8f 100644 --- a/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs +++ b/kube-custom-resources-rs/src/ceph_rook_io/v1/cephblockpools.rs @@ -241,6 +241,9 @@ pub struct CephBlockPoolStatus { /// ConditionType represent a resource's status #[serde(default, skip_serializing_if = "Option::is_none")] pub phase: Option, + /// optional + #[serde(default, skip_serializing_if = "Option::is_none", rename = "poolID")] + pub pool_id: Option, /// SnapshotScheduleStatusSpec is the status of the snapshot schedule #[serde(default, skip_serializing_if = "Option::is_none", rename = "snapshotScheduleStatus")] pub snapshot_schedule_status: Option, diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs index 31bebdfe6..b5f992a0a 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/configurations.rs @@ -155,6 +155,9 @@ pub struct ConfigurationCatchCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -558,6 +561,9 @@ pub struct ConfigurationCatchScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs index 4faf78997..82e20eed4 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha1/tests.rs @@ -166,6 +166,9 @@ pub struct TestCatchCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -569,6 +572,9 @@ pub struct TestCatchScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -954,6 +960,9 @@ pub struct TestStepsCatchCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -1357,6 +1366,9 @@ pub struct TestStepsCatchScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -1603,6 +1615,9 @@ pub struct TestStepsCleanupCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -2006,6 +2021,9 @@ pub struct TestStepsCleanupScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -2280,6 +2298,9 @@ pub struct TestStepsFinallyCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -2683,6 +2704,9 @@ pub struct TestStepsFinallyScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -3144,6 +3168,9 @@ pub struct TestStepsTryCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -3888,6 +3915,9 @@ pub struct TestStepsTryScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, diff --git a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs index dd275e524..ca5549c63 100644 --- a/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs +++ b/kube-custom-resources-rs/src/chainsaw_kyverno_io/v1alpha2/configurations.rs @@ -179,6 +179,9 @@ pub struct ConfigurationErrorCatchCommand { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, @@ -582,6 +585,9 @@ pub struct ConfigurationErrorCatchScript { /// Outputs defines output bindings. #[serde(default, skip_serializing_if = "Option::is_none")] pub outputs: Option>, + /// SkipCommandOutput removes the command from the output logs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipCommandOutput")] + pub skip_command_output: Option, /// SkipLogOutput removes the output from the command. Useful for sensitive logs or to reduce noise. #[serde(default, skip_serializing_if = "Option::is_none", rename = "skipLogOutput")] pub skip_log_output: Option, diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs index 11277f6fb..5ba37517f 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumclusterwidenetworkpolicies.rs @@ -284,6 +284,10 @@ pub struct CiliumClusterwideNetworkPolicyEgressToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -294,6 +298,47 @@ pub struct CiliumClusterwideNetworkPolicyEgressToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyEgressToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicyEgressToEndpoints { @@ -1139,6 +1184,10 @@ pub struct CiliumClusterwideNetworkPolicyEgressDenyToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -1149,6 +1198,47 @@ pub struct CiliumClusterwideNetworkPolicyEgressDenyToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyEgressDenyToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicyEgressDenyToEndpoints { @@ -1611,6 +1701,10 @@ pub struct CiliumClusterwideNetworkPolicyIngressFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -1621,6 +1715,47 @@ pub struct CiliumClusterwideNetworkPolicyIngressFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyIngressFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicyIngressFromEndpoints { @@ -2361,6 +2496,10 @@ pub struct CiliumClusterwideNetworkPolicyIngressDenyFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -2371,6 +2510,47 @@ pub struct CiliumClusterwideNetworkPolicyIngressDenyFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyIngressDenyFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicyIngressDenyFromEndpoints { @@ -2927,6 +3107,10 @@ pub struct CiliumClusterwideNetworkPolicysEgressToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -2937,6 +3121,47 @@ pub struct CiliumClusterwideNetworkPolicysEgressToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysEgressToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicysEgressToEndpoints { @@ -3782,6 +4007,10 @@ pub struct CiliumClusterwideNetworkPolicysEgressDenyToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -3792,6 +4021,47 @@ pub struct CiliumClusterwideNetworkPolicysEgressDenyToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysEgressDenyToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicysEgressDenyToEndpoints { @@ -4254,6 +4524,10 @@ pub struct CiliumClusterwideNetworkPolicysIngressFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -4264,6 +4538,47 @@ pub struct CiliumClusterwideNetworkPolicysIngressFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysIngressFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicysIngressFromEndpoints { @@ -5004,6 +5319,10 @@ pub struct CiliumClusterwideNetworkPolicysIngressDenyFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -5014,6 +5333,47 @@ pub struct CiliumClusterwideNetworkPolicysIngressDenyFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysIngressDenyFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumClusterwideNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumClusterwideNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumClusterwideNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumClusterwideNetworkPolicysIngressDenyFromEndpoints { diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumegressgatewaypolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumegressgatewaypolicies.rs index 2e8de00c3..dc4265b0a 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumegressgatewaypolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumegressgatewaypolicies.rs @@ -122,6 +122,10 @@ pub struct CiliumEgressGatewayPolicySelectors { /// selector semantics; if present but empty, it selects all namespaces. #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] pub namespace_selector: Option, + /// This is a label selector which selects Pods by Node. This field follows standard label + /// selector semantics; if present but empty, it selects all nodes. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option, /// This is a label selector which selects Pods. This field follows standard label /// selector semantics; if present but empty, it selects all pods. #[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")] @@ -169,6 +173,47 @@ pub enum CiliumEgressGatewayPolicySelectorsNamespaceSelectorMatchExpressionsOper DoesNotExist, } +/// This is a label selector which selects Pods by Node. This field follows standard label +/// selector semantics; if present but empty, it selects all nodes. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumEgressGatewayPolicySelectorsNodeSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumEgressGatewayPolicySelectorsNodeSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumEgressGatewayPolicySelectorsNodeSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumEgressGatewayPolicySelectorsNodeSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// This is a label selector which selects Pods. This field follows standard label /// selector semantics; if present but empty, it selects all pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs index f8123511b..1cca8dd82 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumendpoints.rs @@ -176,7 +176,7 @@ pub struct CiliumEndpointStatusIdentity { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumEndpointStatusLog { /// Code indicate type of status change - /// Enum: [ok failed] + /// Enum: ["ok","failed"] #[serde(default, skip_serializing_if = "Option::is_none")] pub code: Option, /// Status message @@ -202,7 +202,7 @@ pub struct CiliumEndpointStatusNamedPorts { #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Layer 4 protocol - /// Enum: [TCP UDP SCTP ICMP ICMPV6 ANY] + /// Enum: ["TCP","UDP","SCTP","ICMP","ICMPV6","ANY"] #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs index 04c180189..2901adc6c 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2/ciliumnetworkpolicies.rs @@ -285,6 +285,10 @@ pub struct CiliumNetworkPolicyEgressToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -295,6 +299,47 @@ pub struct CiliumNetworkPolicyEgressToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicyEgressToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicyEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicyEgressToEndpoints { @@ -1140,6 +1185,10 @@ pub struct CiliumNetworkPolicyEgressDenyToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -1150,6 +1199,47 @@ pub struct CiliumNetworkPolicyEgressDenyToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicyEgressDenyToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicyEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicyEgressDenyToEndpoints { @@ -1612,6 +1702,10 @@ pub struct CiliumNetworkPolicyIngressFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -1622,6 +1716,47 @@ pub struct CiliumNetworkPolicyIngressFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicyIngressFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicyIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicyIngressFromEndpoints { @@ -2362,6 +2497,10 @@ pub struct CiliumNetworkPolicyIngressDenyFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -2372,6 +2511,47 @@ pub struct CiliumNetworkPolicyIngressDenyFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicyIngressDenyFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicyIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicyIngressDenyFromEndpoints { @@ -2928,6 +3108,10 @@ pub struct CiliumNetworkPolicysEgressToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -2938,6 +3122,47 @@ pub struct CiliumNetworkPolicysEgressToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicysEgressToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicysEgressToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicysEgressToEndpoints { @@ -3783,6 +4008,10 @@ pub struct CiliumNetworkPolicysEgressDenyToCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -3793,6 +4022,47 @@ pub struct CiliumNetworkPolicysEgressDenyToCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicysEgressDenyToCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicysEgressDenyToCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicysEgressDenyToEndpoints { @@ -4255,6 +4525,10 @@ pub struct CiliumNetworkPolicysIngressFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -4265,6 +4539,47 @@ pub struct CiliumNetworkPolicysIngressFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicysIngressFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicysIngressFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicysIngressFromEndpoints { @@ -5005,6 +5320,10 @@ pub struct CiliumNetworkPolicysIngressDenyFromCidrSet { /// connections from. #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupRef")] pub cidr_group_ref: Option, + /// CIDRGroupSelector selects CiliumCIDRGroups by their labels, + /// rather than by name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "cidrGroupSelector")] + pub cidr_group_selector: Option, /// ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule /// is not allowed to initiate connections to. These CIDR prefixes should be /// contained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not @@ -5015,6 +5334,47 @@ pub struct CiliumNetworkPolicysIngressDenyFromCidrSet { pub except: Option>, } +/// CIDRGroupSelector selects CiliumCIDRGroups by their labels, +/// rather than by name. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct CiliumNetworkPolicysIngressDenyFromCidrSetCidrGroupSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct CiliumNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: CiliumNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum CiliumNetworkPolicysIngressDenyFromCidrSetCidrGroupSelectorMatchExpressionsOperator { + In, + NotIn, + Exists, + DoesNotExist, +} + /// EndpointSelector is a wrapper for k8s LabelSelector. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CiliumNetworkPolicysIngressDenyFromEndpoints { diff --git a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs index 3b88b9b16..daef92de1 100644 --- a/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs +++ b/kube-custom-resources-rs/src/cilium_io/v2alpha1/ciliumendpointslices.rs @@ -53,7 +53,7 @@ pub struct CiliumEndpointSliceEndpointsNamedPorts { #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Layer 4 protocol - /// Enum: [TCP UDP SCTP ICMP ICMPV6 ANY] + /// Enum: ["TCP","UDP","SCTP","ICMP","ICMPV6","ANY"] #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/cloudwatch_aws_amazon_com/v1alpha1/amazoncloudwatchagents.rs b/kube-custom-resources-rs/src/cloudwatch_aws_amazon_com/v1alpha1/amazoncloudwatchagents.rs index 09ea16ff1..0989d0258 100644 --- a/kube-custom-resources-rs/src/cloudwatch_aws_amazon_com/v1alpha1/amazoncloudwatchagents.rs +++ b/kube-custom-resources-rs/src/cloudwatch_aws_amazon_com/v1alpha1/amazoncloudwatchagents.rs @@ -142,6 +142,9 @@ pub struct AmazonCloudWatchAgentSpec { /// default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "priorityClassName")] pub priority_class_name: Option, + /// Prometheus is the raw YAML to be used as the collector's prometheus configuration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prometheus: Option, /// Replicas is the number of pod instances for the underlying OpenTelemetry Collector. Set this if your are not using autoscaling #[serde(default, skip_serializing_if = "Option::is_none")] pub replicas: Option, @@ -165,6 +168,9 @@ pub struct AmazonCloudWatchAgentSpec { /// the operator will not automatically create a ServiceAccount for the collector. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] pub service_account: Option, + /// TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetAllocator")] + pub target_allocator: Option, /// Duration in seconds the pod needs to terminate gracefully upon probe failure. #[serde(default, skip_serializing_if = "Option::is_none", rename = "terminationGracePeriodSeconds")] pub termination_grace_period_seconds: Option, @@ -4223,6 +4229,25 @@ pub struct AmazonCloudWatchAgentPorts { pub target_port: Option, } +/// Prometheus is the raw YAML to be used as the collector's prometheus configuration. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentPrometheus { + /// AnyConfig represent parts of the config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub config: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub report_extra_scrape_metrics: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub start_time_metric_regex: Option, + /// AnyConfig represent parts of the config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub target_allocator: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub trim_metric_suffixes: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub use_start_time_metric: Option, +} + /// Resources to set on the OpenTelemetry Collector pods. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AmazonCloudWatchAgentResources { @@ -4431,6 +4456,1277 @@ pub struct AmazonCloudWatchAgentSecurityContextWindowsOptions { pub run_as_user_name: Option, } +/// TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocator { + /// If specified, indicates the pod's scheduling constraints + #[serde(default, skip_serializing_if = "Option::is_none")] + pub affinity: Option, + /// AllocationStrategy determines which strategy the target allocator should use for allocation. + /// The current option is consistent-hashing. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allocationStrategy")] + pub allocation_strategy: Option, + /// Enabled indicates whether to use a target allocation mechanism for Prometheus targets or not. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// ENV vars to set on the OpenTelemetry TargetAllocator's Pods. These can then in certain cases be + /// consumed in the config file for the TargetAllocator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, + /// FilterStrategy determines how to filter targets before allocating them among the collectors. + /// The only current option is relabel-config (drops targets based on prom relabel_config). + /// Filtering is disabled by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "filterStrategy")] + pub filter_strategy: Option, + /// Image indicates the container image to use for the OpenTelemetry TargetAllocator. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub image: Option, + /// NodeSelector to schedule OpenTelemetry TargetAllocator pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] + pub node_selector: Option>, + /// PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. + /// All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusCR")] + pub prometheus_cr: Option, + /// Replicas is the number of pod instances for the underlying TargetAllocator. This should only be set to a value + /// other than 1 if a strategy that allows for high availability is chosen. Currently, the only allocation strategy + /// that can be run in a high availability mode is consistent-hashing. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub replicas: Option, + /// Resources to set on the OpenTelemetryTargetAllocator containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, + /// SecurityContext configures the container security context for + /// the target-allocator. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] + pub security_context: Option, + /// ServiceAccount indicates the name of an existing service account to use with this instance. When set, + /// the operator will not automatically create a ServiceAccount for the TargetAllocator. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccount")] + pub service_account: Option, + /// Toleration embedded kubernetes pod configuration option, + /// controls how pods can be scheduled with matching taints + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, + /// TopologySpreadConstraints embedded kubernetes pod configuration option, + /// controls how pods are spread across your cluster among failure-domains + /// such as regions, zones, nodes, and other user-defined topology domains + /// https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] + pub topology_spread_constraints: Option>, +} + +/// If specified, indicates the pod's scheduling constraints +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinity { + /// Describes node affinity scheduling rules for the pod. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinity")] + pub node_affinity: Option, + /// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAffinity")] + pub pod_affinity: Option, + /// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podAntiAffinity")] + pub pod_anti_affinity: Option, +} + +/// Describes node affinity scheduling rules for the pod. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node matches the corresponding matchExpressions; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to an update), the system + /// may or may not try to eventually evict the pod from its node. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option, +} + +/// An empty preferred scheduling term matches all objects with implicit weight 0 +/// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// A node selector term, associated with the corresponding weight. + pub preference: AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference, + /// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + pub weight: i32, +} + +/// A node selector term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreference { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionPreferenceMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// If the affinity requirements specified by this field are not met at +/// scheduling time, the pod will not be scheduled onto the node. +/// If the affinity requirements specified by this field cease to be met +/// at some point during pod execution (e.g. due to an update), the system +/// may or may not try to eventually evict the pod from its node. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// Required. A list of node selector terms. The terms are ORed. + #[serde(rename = "nodeSelectorTerms")] + pub node_selector_terms: Vec, +} + +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTerms { + /// A list of node selector requirements by node's labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// A list of node selector requirements by node's fields. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchFields")] + pub match_fields: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchExpressions { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecutionNodeSelectorTermsMatchFields { + /// The label key that the selector applies to. + pub key: String, + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + pub operator: String, + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + /// If it's null, this PodAffinityTerm matches with no Pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +/// If it's null, this PodAffinityTerm matches with no Pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + /// If it's null, this PodAffinityTerm matches with no Pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +/// If it's null, this PodAffinityTerm matches with no Pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinity { + /// The scheduler will prefer to schedule pods to nodes that satisfy + /// the anti-affinity expressions specified by this field, but it may choose + /// a node that violates one or more of the expressions. The node that is + /// most preferred is the one with the greatest sum of weights, i.e. + /// for each node that meets all of the scheduling requirements (resource + /// request, requiredDuringScheduling anti-affinity expressions, etc.), + /// compute a sum by iterating through the elements of this field and adding + /// "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + /// node(s) with the highest sum are the most preferred. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preferredDuringSchedulingIgnoredDuringExecution")] + pub preferred_during_scheduling_ignored_during_execution: Option>, + /// If the anti-affinity requirements specified by this field are not met at + /// scheduling time, the pod will not be scheduled onto the node. + /// If the anti-affinity requirements specified by this field cease to be met + /// at some point during pod execution (e.g. due to a pod label update), the + /// system may or may not try to eventually evict the pod from its node. + /// When there are multiple elements, the lists of nodes corresponding to each + /// podAffinityTerm are intersected, i.e. all terms must be satisfied. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "requiredDuringSchedulingIgnoredDuringExecution")] + pub required_during_scheduling_ignored_during_execution: Option>, +} + +/// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecution { + /// Required. A pod affinity term, associated with the corresponding weight. + #[serde(rename = "podAffinityTerm")] + pub pod_affinity_term: AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm, + /// weight associated with matching the corresponding podAffinityTerm, + /// in the range 1-100. + pub weight: i32, +} + +/// Required. A pod affinity term, associated with the corresponding weight. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTerm { + /// A label query over a set of resources, in this case pods. + /// If it's null, this PodAffinityTerm matches with no Pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +/// If it's null, this PodAffinityTerm matches with no Pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionPodAffinityTermNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Defines a set of pods (namely those matching the labelSelector +/// relative to the given namespace(s)) that this pod should be +/// co-located (affinity) or not co-located (anti-affinity) with, +/// where co-located is defined as running on a node whose value of +/// the label with key matches that of any node on which +/// a pod of the set of pods is running +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecution { + /// A label query over a set of resources, in this case pods. + /// If it's null, this PodAffinityTerm matches with no Pods. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MismatchLabelKeys is a set of pod label keys to select which pods will + /// be taken into consideration. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// to select the group of existing pods which pods will be taken into consideration + /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + /// pod labels will be ignored. The default value is empty. + /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. + /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] + pub mismatch_label_keys: Option>, + /// A label query over the set of namespaces that the term applies to. + /// The term is applied to the union of the namespaces selected by this field + /// and the ones listed in the namespaces field. + /// null selector and null or empty namespaces list means "this pod's namespace". + /// An empty selector ({}) matches all namespaces. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "namespaceSelector")] + pub namespace_selector: Option, + /// namespaces specifies a static list of namespace names that the term applies to. + /// The term is applied to the union of the namespaces listed in this field + /// and the ones selected by namespaceSelector. + /// null or empty namespaces list and null namespaceSelector means "this pod's namespace". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespaces: Option>, + /// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + /// the labelSelector in the specified namespaces, where co-located is defined as running on a node + /// whose value of the label with key topologyKey matches that of any node on which any of the + /// selected pods is running. + /// Empty topologyKey is not allowed. + #[serde(rename = "topologyKey")] + pub topology_key: String, +} + +/// A label query over a set of resources, in this case pods. +/// If it's null, this PodAffinityTerm matches with no Pods. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// A label query over the set of namespaces that the term applies to. +/// The term is applied to the union of the namespaces selected by this field +/// and the ones listed in the namespaces field. +/// null selector and null or empty namespaces list means "this pod's namespace". +/// An empty selector ({}) matches all namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringExecutionNamespaceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// TargetAllocator indicates a value which determines whether to spawn a target allocation resource or not. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AmazonCloudWatchAgentTargetAllocatorAllocationStrategy { + #[serde(rename = "consistent-hashing")] + ConsistentHashing, +} + +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// PrometheusCR defines the configuration for the retrieval of PrometheusOperator CRDs ( servicemonitor.monitoring.coreos.com/v1 and podmonitor.monitoring.coreos.com/v1 ) retrieval. +/// All CR instances which the ServiceAccount has access to will be retrieved. This includes other namespaces. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorPrometheusCr { + /// Enabled indicates whether to use a PrometheusOperator custom resources as targets or not. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// PodMonitors to be selected for target discovery. + /// This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + /// PodMonitor's meta labels. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podMonitorSelector")] + pub pod_monitor_selector: Option>, + /// Interval between consecutive scrapes. Equivalent to the same setting on the Prometheus CRD. + /// + /// + /// Default: "30s" + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeInterval")] + pub scrape_interval: Option, + /// ServiceMonitors to be selected for target discovery. + /// This is a map of {key,value} pairs. Each {key,value} in the map is going to exactly match a label in a + /// ServiceMonitor's meta labels. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceMonitorSelector")] + pub service_monitor_selector: Option>, +} + +/// Resources to set on the OpenTelemetryTargetAllocator containers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// + /// + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// + /// + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// SecurityContext configures the container security context for +/// the target-allocator. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorSecurityContext { + /// A special supplemental group that applies to all containers in a pod. + /// Some volume types allow the Kubelet to change the ownership of that volume + /// to be owned by the pod: + /// + /// + /// 1. The owning GID will be the FSGroup + /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + /// 3. The permission bits are OR'd with rw-rw---- + /// + /// + /// If unset, the Kubelet will not modify the ownership and permissions of any volume. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")] + pub fs_group: Option, + /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + /// before being exposed inside Pod. This field will only apply to + /// volume types which support fsGroup based ownership(and permissions). + /// It will have no effect on ephemeral volume types such as: secret, configmaps + /// and emptydir. + /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroupChangePolicy")] + pub fs_group_change_policy: Option, + /// The GID to run the entrypoint of the container process. + /// Uses runtime default if unset. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsGroup")] + pub run_as_group: Option, + /// Indicates that the container must run as a non-root user. + /// If true, the Kubelet will validate the image at runtime to ensure that it + /// does not run as UID 0 (root) and fail to start the container if it does. + /// If unset or false, no such validation will be performed. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsNonRoot")] + pub run_as_non_root: Option, + /// The UID to run the entrypoint of the container process. + /// Defaults to user specified in image metadata if unspecified. + /// May also be set in SecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence + /// for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")] + pub run_as_user: Option, + /// The SELinux context to be applied to all containers. + /// If unspecified, the container runtime will allocate a random SELinux context for each + /// container. May also be set in SecurityContext. If set in + /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext + /// takes precedence for that container. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seLinuxOptions")] + pub se_linux_options: Option, + /// The seccomp options to use by the containers in this pod. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "seccompProfile")] + pub seccomp_profile: Option, + /// A list of groups applied to the first process run in each container, in addition + /// to the container's primary GID, the fsGroup (if specified), and group memberships + /// defined in the container image for the uid of the container process. If unspecified, + /// no additional groups are added to any container. Note that group memberships + /// defined in the container image for the uid of the container process are still effective, + /// even if they are not included in this list. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "supplementalGroups")] + pub supplemental_groups: Option>, + /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + /// sysctls (by the container runtime) might fail to launch. + /// Note that this field cannot be set when spec.os.name is windows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sysctls: Option>, + /// The Windows specific settings applied to all containers. + /// If unspecified, the options within a container's SecurityContext will be used. + /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + /// Note that this field cannot be set when spec.os.name is linux. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "windowsOptions")] + pub windows_options: Option, +} + +/// The SELinux context to be applied to all containers. +/// If unspecified, the container runtime will allocate a random SELinux context for each +/// container. May also be set in SecurityContext. If set in +/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext +/// takes precedence for that container. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorSecurityContextSeLinuxOptions { + /// Level is SELinux level label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub level: Option, + /// Role is a SELinux role label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub role: Option, + /// Type is a SELinux type label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] + pub r#type: Option, + /// User is a SELinux user label that applies to the container. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// The seccomp options to use by the containers in this pod. +/// Note that this field cannot be set when spec.os.name is windows. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorSecurityContextSeccompProfile { + /// localhostProfile indicates a profile defined in a file on the node should be used. + /// The profile must be preconfigured on the node to work. + /// Must be a descending path, relative to the kubelet's configured seccomp profile location. + /// Must be set if type is "Localhost". Must NOT be set for any other type. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "localhostProfile")] + pub localhost_profile: Option, + /// type indicates which kind of seccomp profile will be applied. + /// Valid options are: + /// + /// + /// Localhost - a profile defined in a file on the node should be used. + /// RuntimeDefault - the container runtime default profile should be used. + /// Unconfined - no profile should be applied. + #[serde(rename = "type")] + pub r#type: String, +} + +/// Sysctl defines a kernel parameter to be set +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorSecurityContextSysctls { + /// Name of a property to set + pub name: String, + /// Value of a property to set + pub value: String, +} + +/// The Windows specific settings applied to all containers. +/// If unspecified, the options within a container's SecurityContext will be used. +/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +/// Note that this field cannot be set when spec.os.name is linux. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorSecurityContextWindowsOptions { + /// GMSACredentialSpec is where the GMSA admission webhook + /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + /// GMSA credential spec named by the GMSACredentialSpecName field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpec")] + pub gmsa_credential_spec: Option, + /// GMSACredentialSpecName is the name of the GMSA credential spec to use. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "gmsaCredentialSpecName")] + pub gmsa_credential_spec_name: Option, + /// HostProcess determines if a container should be run as a 'Host Process' container. + /// All of a Pod's containers must have the same effective HostProcess value + /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + /// In addition, if HostProcess is true then HostNetwork must also be set to true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostProcess")] + pub host_process: Option, + /// The UserName in Windows to run the entrypoint of the container process. + /// Defaults to the user specified in image metadata if unspecified. + /// May also be set in PodSecurityContext. If set in both SecurityContext and + /// PodSecurityContext, the value specified in SecurityContext takes precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUserName")] + pub run_as_user_name: Option, +} + +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorTopologySpreadConstraints { + /// LabelSelector is used to find matching pods. + /// Pods that match this label selector are counted to determine the number of pods + /// in their corresponding topology domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] + pub label_selector: Option, + /// MatchLabelKeys is a set of pod label keys to select the pods over which + /// spreading will be calculated. The keys are used to lookup values from the + /// incoming pod labels, those key-value labels are ANDed with labelSelector + /// to select the group of existing pods over which spreading will be calculated + /// for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + /// MatchLabelKeys cannot be set when LabelSelector isn't set. + /// Keys that don't exist in the incoming pod labels will + /// be ignored. A null or empty list means only match against labelSelector. + /// + /// + /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] + pub match_label_keys: Option>, + /// MaxSkew describes the degree to which pods may be unevenly distributed. + /// When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + /// between the number of matching pods in the target topology and the global minimum. + /// The global minimum is the minimum number of matching pods in an eligible domain + /// or zero if the number of eligible domains is less than MinDomains. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 2/2/1: + /// In this case, the global minimum is 1. + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P | + /// - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + /// scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + /// violate MaxSkew(1). + /// - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + /// When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + /// to topologies that satisfy it. + /// It's a required field. Default value is 1 and 0 is not allowed. + #[serde(rename = "maxSkew")] + pub max_skew: i32, + /// MinDomains indicates a minimum number of eligible domains. + /// When the number of eligible domains with matching topology keys is less than minDomains, + /// Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + /// And when the number of eligible domains with matching topology keys equals or greater than minDomains, + /// this value has no effect on scheduling. + /// As a result, when the number of eligible domains is less than minDomains, + /// scheduler won't schedule more than maxSkew Pods to those domains. + /// If value is nil, the constraint behaves as if MinDomains is equal to 1. + /// Valid values are integers greater than 0. + /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + /// + /// + /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + /// labelSelector spread as 2/2/2: + /// | zone1 | zone2 | zone3 | + /// | P P | P P | P P | + /// The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + /// In this situation, new pod with the same labelSelector cannot be scheduled, + /// because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + /// it will violate MaxSkew. + /// + /// + /// This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "minDomains")] + pub min_domains: Option, + /// NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + /// when calculating pod topology spread skew. Options are: + /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + /// + /// + /// If this value is nil, the behavior is equivalent to the Honor policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] + pub node_affinity_policy: Option, + /// NodeTaintsPolicy indicates how we will treat node taints when calculating + /// pod topology spread skew. Options are: + /// - Honor: nodes without taints, along with tainted nodes for which the incoming pod + /// has a toleration, are included. + /// - Ignore: node taints are ignored. All nodes are included. + /// + /// + /// If this value is nil, the behavior is equivalent to the Ignore policy. + /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] + pub node_taints_policy: Option, + /// TopologyKey is the key of node labels. Nodes that have a label with this key + /// and identical values are considered to be in the same topology. + /// We consider each as a "bucket", and try to put balanced number + /// of pods into each bucket. + /// We define a domain as a particular instance of a topology. + /// Also, we define an eligible domain as a domain whose nodes meet the requirements of + /// nodeAffinityPolicy and nodeTaintsPolicy. + /// e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + /// And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + /// It's a required field. + #[serde(rename = "topologyKey")] + pub topology_key: String, + /// WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + /// the spread constraint. + /// - DoNotSchedule (default) tells the scheduler not to schedule it. + /// - ScheduleAnyway tells the scheduler to schedule the pod in any location, + /// but giving higher precedence to topologies that would help reduce the + /// skew. + /// A constraint is considered "Unsatisfiable" for an incoming pod + /// if and only if every possible node assignment for that pod would violate + /// "MaxSkew" on some topology. + /// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + /// labelSelector spread as 3/1/1: + /// | zone1 | zone2 | zone3 | + /// | P P P | P | P | + /// If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + /// to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + /// MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + /// won't make it *more* imbalanced. + /// It's a required field. + #[serde(rename = "whenUnsatisfiable")] + pub when_unsatisfiable: String, +} + +/// LabelSelector is used to find matching pods. +/// Pods that match this label selector are counted to determine the number of pods +/// in their corresponding topology domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorTopologySpreadConstraintsLabelSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AmazonCloudWatchAgentTargetAllocatorTopologySpreadConstraintsLabelSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + /// The pod this Toleration is attached to tolerates any taint that matches /// the triple using the matching operator . #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinedeployments.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinedeployments.rs index 5fa7a8a32..e43696aa9 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinedeployments.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinedeployments.rs @@ -37,6 +37,8 @@ pub struct MachineDeploymentSpec { /// process failed deployments and a condition with a ProgressDeadlineExceeded /// reason will be surfaced in the deployment status. Note that progress will /// not be estimated during the time a deployment is paused. Defaults to 600s. + /// + /// Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/issues/11470 for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "progressDeadlineSeconds")] pub progress_deadline_seconds: Option, /// Number of desired machines. @@ -298,7 +300,11 @@ pub struct MachineDeploymentTemplateSpec { /// Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; /// they can include the status of those components with a new condition and add this condition to ReadinessGates. /// - /// NOTE: this field is considered only for computing v1beta2 conditions. + /// NOTE: This field is considered only for computing v1beta2 conditions. + /// NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + /// readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + /// readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + /// This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessGates")] pub readiness_gates: Option>, /// version defines the desired Kubernetes version. @@ -444,6 +450,8 @@ pub struct MachineDeploymentStatus { /// the deployment to have 100% available capacity. They may either /// be machines that are running but not yet available or machines /// that still have not been created. + /// + /// Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "unavailableReplicas")] pub unavailable_replicas: Option, /// Total number of non-terminated machines targeted by this deployment diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs index 8a61c75b1..685ca2c2c 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinepools.rs @@ -129,7 +129,11 @@ pub struct MachinePoolTemplateSpec { /// Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; /// they can include the status of those components with a new condition and add this condition to ReadinessGates. /// - /// NOTE: this field is considered only for computing v1beta2 conditions. + /// NOTE: This field is considered only for computing v1beta2 conditions. + /// NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + /// readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + /// readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + /// This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessGates")] pub readiness_gates: Option>, /// version defines the desired Kubernetes version. @@ -290,6 +294,8 @@ pub struct MachinePoolStatus { /// the machine pool to have 100% available capacity. They may either /// be machine instances that are running but not yet available or machine instances /// that still have not been created. + /// + /// Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "unavailableReplicas")] pub unavailable_replicas: Option, /// v1beta2 groups all the fields that will be added or modified in MachinePool's status with the V1Beta2 version. diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machines.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machines.rs index be862bcfe..94c93cd83 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machines.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machines.rs @@ -69,7 +69,11 @@ pub struct MachineSpec { /// Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; /// they can include the status of those components with a new condition and add this condition to ReadinessGates. /// - /// NOTE: this field is considered only for computing v1beta2 conditions. + /// NOTE: This field is considered only for computing v1beta2 conditions. + /// NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + /// readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + /// readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + /// This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessGates")] pub readiness_gates: Option>, /// version defines the desired Kubernetes version. diff --git a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinesets.rs b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinesets.rs index 382978631..dd6f5e8e5 100644 --- a/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinesets.rs +++ b/kube-custom-resources-rs/src/cluster_x_k8s_io/v1beta1/machinesets.rs @@ -190,7 +190,11 @@ pub struct MachineSetTemplateSpec { /// Another example are external controllers, e.g. responsible to install special software/hardware on the Machines; /// they can include the status of those components with a new condition and add this condition to ReadinessGates. /// - /// NOTE: this field is considered only for computing v1beta2 conditions. + /// NOTE: This field is considered only for computing v1beta2 conditions. + /// NOTE: In case readinessGates conditions start with the APIServer, ControllerManager, Scheduler prefix, and all those + /// readiness gates condition are reporting the same message, when computing the Machine's Ready condition those + /// readinessGates will be replaced by a single entry reporting "Control plane components: " + message. + /// This helps to improve readability of conditions bubbling up to the Machine's owner resource / to the Cluster). #[serde(default, skip_serializing_if = "Option::is_none", rename = "readinessGates")] pub readiness_gates: Option>, /// version defines the desired Kubernetes version. @@ -338,6 +342,8 @@ pub struct MachineSetStatus { #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureReason")] pub failure_reason: Option, /// The number of replicas that have labels matching the labels of the machine template of the MachineSet. + /// + /// Deprecated: This field is deprecated and is going to be removed in the next apiVersion. Please see https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20240916-improve-status-in-CAPI-resources.md for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "fullyLabeledReplicas")] pub fully_labeled_replicas: Option, /// observedGeneration reflects the generation of the most recently observed MachineSet. diff --git a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs index ffe97f4b8..36327d3ca 100644 --- a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs +++ b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpretercustomizations.rs @@ -88,7 +88,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsDependencyInterpretatio /// a specific resource. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function GetDependencies(desiredObj) @@ -106,16 +105,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsDependencyInterpretatio /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - /// /// The returned value should be expressed by a slice of DependentObjectReference. #[serde(rename = "luaScript")] pub lua_script: String, @@ -129,7 +125,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsHealthInterpretation { /// a specific resource. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function InterpretHealth(observedObj) @@ -139,16 +134,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsHealthInterpretation { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned boolean value indicates the health status. #[serde(rename = "luaScript")] pub lua_script: String, @@ -166,10 +158,8 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaResource { /// LuaScript holds the Lua script that is used to discover the resource's /// replica as well as resource requirements /// - /// /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function GetReplicas(desiredObj) @@ -183,16 +173,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaResource { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - /// /// The function expects two return values: /// - replica: the declared replica number /// - requirement: the resource required by each replica expressed with a @@ -213,7 +200,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaRevision { /// LuaScript holds the Lua script that is used to revise replicas in the desired specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function ReviseReplica(desiredObj, desiredReplica) @@ -222,17 +208,14 @@ pub struct ResourceInterpreterCustomizationCustomizationsReplicaRevision { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - desiredReplica: the replica number should be applied with. /// - /// /// The returned object should be a revised configuration which will be /// applied to member cluster eventually. #[serde(rename = "luaScript")] @@ -251,10 +234,8 @@ pub struct ResourceInterpreterCustomizationCustomizationsRetention { /// LuaScript holds the Lua script that is used to retain runtime values /// to the desired specification. /// - /// /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function Retain(desiredObj, observedObj) @@ -263,18 +244,15 @@ pub struct ResourceInterpreterCustomizationCustomizationsRetention { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents the configuration to be applied /// to the member cluster. /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned object should be a retained configuration which will be /// applied to member cluster eventually. #[serde(rename = "luaScript")] @@ -292,7 +270,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusAggregation { /// to the desired specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function AggregateStatus(desiredObj, statusItems) @@ -303,16 +280,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusAggregation { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - desiredObj: the object represents a resource template. /// - statusItems: the slice of status expressed with AggregatedStatusItem. /// - /// /// The returned object should be a whole object with status aggregated. #[serde(rename = "luaScript")] pub lua_script: String, @@ -327,7 +301,6 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusReflection { /// LuaScript holds the Lua script that is used to get the status from the observed specification. /// The script should implement a function as follows: /// - /// /// ```text /// luaScript: > /// function ReflectStatus(observedObj) @@ -337,16 +310,13 @@ pub struct ResourceInterpreterCustomizationCustomizationsStatusReflection { /// end /// ``` /// - /// /// The content of the LuaScript needs to be a whole function including both /// declaration and implementation. /// - /// /// The parameters will be supplied by the system: /// - observedObj: the object represents the configuration that is observed /// from a specific member cluster. /// - /// /// The returned status could be the whole status or part of it and will /// be set into both Work and ResourceBinding(ClusterResourceBinding). #[serde(rename = "luaScript")] diff --git a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs index 6d37823f1..19cea8e79 100644 --- a/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs +++ b/kube-custom-resources-rs/src/config_karmada_io/v1alpha1/resourceinterpreterwebhookconfigurations.rs @@ -49,7 +49,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// `service` is a reference to the service for this webhook. Either /// `service` or `url` must be specified. /// - /// /// If the webhook is running within the cluster, then you should use `service`. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -57,29 +56,24 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// (`scheme://host:port/path`). Exactly one of `url` or `service` /// must be specified. /// - /// /// The `host` should not refer to a service running in the cluster; use /// the `service` field instead. The host might be resolved via external /// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve /// in-cluster DNS as that would be a layering violation). `host` may /// also be an IP address. /// - /// /// Please note that using `localhost` or `127.0.0.1` as a `host` is /// risky unless you take great care to run this webhook on all hosts /// which run an apiserver which might need to make calls to this /// webhook. Such installs are likely to be non-portable, i.e., not easy /// to turn up in a new cluster. /// - /// /// The scheme must be "https"; the URL must begin with "https://". /// - /// /// A path is optional, and if present may be any string permissible in /// a URL. You may use the path to pass an arbitrary string to the /// webhook, for example, a cluster identifier. /// - /// /// Attempting to use a user or basic auth e.g. "user:password@" is not /// allowed. Fragments ("#...") and query parameters ("?...") are not /// allowed, either. @@ -90,7 +84,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfig { /// `service` is a reference to the service for this webhook. Either /// `service` or `url` must be specified. /// -/// /// If the webhook is running within the cluster, then you should use `service`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceInterpreterWebhookConfigurationWebhooksClientConfigService { @@ -121,7 +114,6 @@ pub struct ResourceInterpreterWebhookConfigurationWebhooksRules { /// ["apps", "batch", "example.io"] means matches 3 groups. /// ["*"] means matches all group /// - /// /// Note: The group could be empty, e.g the 'core' group of kubernetes, in that case use [""]. #[serde(rename = "apiGroups")] pub api_groups: Vec, diff --git a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs index e4de37906..c0a62a324 100644 --- a/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs +++ b/kube-custom-resources-rs/src/datadoghq_com/v2alpha1/datadogagents.rs @@ -484,7 +484,6 @@ pub struct DatadogAgentFeaturesApm { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesApmHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -824,7 +823,6 @@ pub struct DatadogAgentFeaturesDogstatsd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesDogstatsdHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -1295,7 +1293,7 @@ pub struct DatadogAgentFeaturesOtlpReceiverProtocols { /// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpc { - /// Enable the OTLP/gRPC endpoint. + /// Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/gRPC. @@ -1304,18 +1302,52 @@ pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpc { /// Default: `0.0.0.0:4317`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPort for OTLP/gRPC + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPort for OTLP/gRPC +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesOtlpReceiverProtocolsGrpcHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentFeaturesOtlpReceiverProtocolsHttp { - /// Enable the OTLP/HTTP endpoint. + /// Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/HTTP. /// Default: '0.0.0.0:4318'. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPorts for OTLP/HTTP + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPorts for OTLP/HTTP +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentFeaturesOtlpReceiverProtocolsHttpHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// ProcessDiscovery configuration. @@ -1455,12 +1487,27 @@ pub struct DatadogAgentGlobal { /// Overrides the site setting defined in `Site`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Env contains a list of environment variables that are set for all Agents. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub env: Option>, /// FIPS contains configuration used to customize the FIPS proxy sidecar. #[serde(default, skip_serializing_if = "Option::is_none")] pub fips: Option, /// Kubelet contains the kubelet configuration parameters. #[serde(default, skip_serializing_if = "Option::is_none")] pub kubelet: Option, + /// Provide a mapping of Kubernetes Resource Groups to annotations mapping to Datadog Tags. + /// : + /// : + /// KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesResourcesAnnotationsAsTags")] + pub kubernetes_resources_annotations_as_tags: Option>, + /// Provide a mapping of Kubernetes Resource Groups to labels mapping to Datadog Tags. + /// : + /// : + /// KUBERNETES_RESOURCE_GROUP should be in the form `{resource}.{group}` or `{resource}` (example: deployments.apps, pods) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesResourcesLabelsAsTags")] + pub kubernetes_resources_labels_as_tags: Option>, /// LocalService contains configuration to customize the internal traffic policy service. #[serde(default, skip_serializing_if = "Option::is_none", rename = "localService")] pub local_service: Option, @@ -1497,10 +1544,18 @@ pub struct DatadogAgentGlobal { pub pod_labels_as_tags: Option>, /// Registry is the image registry to use for all Agent images. /// Use 'public.ecr.aws/datadog' for AWS ECR. + /// Use 'datadoghq.azurecr.io' for Azure Container Registry. + /// Use 'gcr.io/datadoghq' for Google Container Registry. + /// Use 'eu.gcr.io/datadoghq' for Google Container Registry in the EU region. + /// Use 'asia.gcr.io/datadoghq' for Google Container Registry in the Asia region. /// Use 'docker.io/datadog' for DockerHub. /// Default: 'gcr.io/datadoghq' #[serde(default, skip_serializing_if = "Option::is_none")] pub registry: Option, + /// Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management + /// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretBackend")] + pub secret_backend: Option, /// Site is the Datadog intake site Agent data are sent to. /// Set to 'datadoghq.com' to send data to the US1 site (default). /// Set to 'datadoghq.eu' to send data to the EU site. @@ -1633,6 +1688,102 @@ pub struct DatadogAgentGlobalEndpointCredentialsAppSecret { pub secret_name: String, } +/// EnvVar represents an environment variable present in a Container. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnv { + /// Name of the environment variable. Must be a C_IDENTIFIER. + pub name: String, + /// Variable references $(VAR_NAME) are expanded + /// using the previously defined environment variables in the container and + /// any service environment variables. If a variable cannot be resolved, + /// the reference in the input string will be unchanged. Double $$ are reduced + /// to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + /// "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + /// Escaped references will never be expanded, regardless of whether the variable + /// exists or not. + /// Defaults to "". + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, + /// Source for the environment variable's value. Cannot be used if value is not empty. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] + pub value_from: Option, +} + +/// Source for the environment variable's value. Cannot be used if value is not empty. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFrom { + /// Selects a key of a ConfigMap. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapKeyRef")] + pub config_map_key_ref: Option, + /// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + /// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldRef")] + pub field_ref: Option, + /// Selects a resource of the container: only resources limits and requests + /// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceFieldRef")] + pub resource_field_ref: Option, + /// Selects a key of a secret in the pod's namespace + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] + pub secret_key_ref: Option, +} + +/// Selects a key of a ConfigMap. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromConfigMapKeyRef { + /// The key to select. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +/// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromFieldRef { + /// Version of the schema the FieldPath is written in terms of, defaults to "v1". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// Path of the field to select in the specified API version. + #[serde(rename = "fieldPath")] + pub field_path: String, +} + +/// Selects a resource of the container: only resources limits and requests +/// (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromResourceFieldRef { + /// Container name: required for volumes, optional for env vars + #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerName")] + pub container_name: Option, + /// Specifies the output format of the exposed resources, defaults to "1" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub divisor: Option, + /// Required: resource to select + pub resource: String, +} + +/// Selects a key of a secret in the pod's namespace +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalEnvValueFromSecretKeyRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret or its key must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// FIPS contains configuration used to customize the FIPS proxy sidecar. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentGlobalFips { @@ -1956,6 +2107,44 @@ pub struct DatadogAgentGlobalOriginDetectionUnified { pub enabled: Option, } +/// Configure the secret backend feature https://docs.datadoghq.com/agent/guide/secrets-management +/// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalSecretBackend { + /// List of arguments to pass to the command (space-separated strings). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub args: Option, + /// The secret backend command to use. Datadog provides a pre-defined binary `/readsecret_multiple_providers.sh`. + /// Read more about `/readsecret_multiple_providers.sh` at https://docs.datadoghq.com/agent/configuration/secrets-management/?tab=linux#script-for-reading-from-multiple-secret-providers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub command: Option, + /// Whether to create a global permission allowing Datadog agents to read all Kubernetes secrets. + /// Default: `false`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableGlobalPermissions")] + pub enable_global_permissions: Option, + /// Roles for Datadog to read the specified secrets, replacing `enableGlobalPermissions`. + /// They are defined as a list of namespace/secrets. + /// Each defined namespace needs to be present in the DatadogAgent controller using `WATCH_NAMESPACE` or `DD_AGENT_WATCH_NAMESPACE`. + /// See also: https://github.com/DataDog/datadog-operator/blob/main/docs/secret_management.md#how-to-deploy-the-agent-components-using-the-secret-backend-feature-with-datadogagent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub roles: Option>, + /// The command timeout in seconds. + /// Default: `30`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub timeout: Option, +} + +/// SecretBackendRolesConfig provides configuration of the secrets Datadog agents can read for the SecretBackend feature +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentGlobalSecretBackendRoles { + /// Namespace defines the namespace in which the secrets reside. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Secrets defines the list of secrets for which a role should be created. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub secrets: Option>, +} + /// Override the default configurations of the agents #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentOverride { @@ -2000,6 +2189,10 @@ pub struct DatadogAgentOverride { /// See also: https://docs.datadoghq.com/agent/kubernetes/?tab=helm#environment-variables #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, + /// EnvFrom specifies the ConfigMaps and Secrets to expose as environment variables. + /// Priority is env > envFrom. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] + pub env_from: Option>, /// Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ /// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraChecksd")] @@ -2041,6 +2234,9 @@ pub struct DatadogAgentOverride { /// Pod-level SecurityContext. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityContext")] pub security_context: Option, + /// Sets the ServiceAccountAnnotations used by this component. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountAnnotations")] + pub service_account_annotations: Option>, /// Sets the ServiceAccount used by this component. /// Ignored if the field CreateRbac is true. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceAccountName")] @@ -3515,6 +3711,46 @@ pub struct DatadogAgentOverrideEnvValueFromSecretKeyRef { pub optional: Option, } +/// EnvFromSource represents the source of a set of ConfigMaps +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFrom { + /// The ConfigMap to select from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configMapRef")] + pub config_map_ref: Option, + /// An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, + /// The Secret to select from + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, +} + +/// The ConfigMap to select from +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFromConfigMapRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the ConfigMap must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + +/// The Secret to select from +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentOverrideEnvFromSecretRef { + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specify whether the Secret must be defined + #[serde(default, skip_serializing_if = "Option::is_none")] + pub optional: Option, +} + /// Checksd configuration allowing to specify custom checks placed under /etc/datadog-agent/checks.d/ /// See https://docs.datadoghq.com/agent/guide/agent-configuration-files/?tab=agentv6 for more details. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5992,7 +6228,6 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApm { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesApmHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -6332,7 +6567,6 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsd { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesDogstatsdHostPortConfig { /// Enabled enables host port configuration - /// Default: false #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) @@ -6803,7 +7037,7 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtoc /// GRPC contains configuration for the OTLP ingest OTLP/gRPC receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsGrpc { - /// Enable the OTLP/gRPC endpoint. + /// Enable the OTLP/gRPC endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/gRPC. @@ -6812,18 +7046,52 @@ pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtoc /// Default: `0.0.0.0:4317`. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPort for OTLP/gRPC + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPort for OTLP/gRPC +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsGrpcHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// HTTP contains configuration for the OTLP ingest OTLP/HTTP receiver. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsHttp { - /// Enable the OTLP/HTTP endpoint. + /// Enable the OTLP/HTTP endpoint. Host port is enabled by default and can be disabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, /// Endpoint for OTLP/HTTP. /// Default: '0.0.0.0:4318'. #[serde(default, skip_serializing_if = "Option::is_none")] pub endpoint: Option, + /// Enable hostPorts for OTLP/HTTP + /// Default: true + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPortConfig")] + pub host_port_config: Option, +} + +/// Enable hostPorts for OTLP/HTTP +/// Default: true +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct DatadogAgentStatusRemoteConfigConfigurationFeaturesOtlpReceiverProtocolsHttpHostPortConfig { + /// Enabled enables host port configuration + #[serde(default, skip_serializing_if = "Option::is_none")] + pub enabled: Option, + /// Port takes a port number (0 < x < 65536) to expose on the host. (Most containers do not need this.) + /// If HostNetwork is enabled, this value must match the ContainerPort. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostPort")] + pub host_port: Option, } /// ProcessDiscovery configuration. diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs index b307c5bdc..efb89a68c 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/actionsets.rs @@ -6,6 +6,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString; } use self::prelude::*; @@ -28,6 +29,7 @@ pub struct ActionSetSpec { /// - `Incremental` back up data that have changed since the last backup (either full or incremental). /// - `Differential` back up data that has changed since the last full backup. /// - `Continuous` back up transaction logs continuously, such as MySQL binlog, PostgreSQL WAL, etc. + /// - `Selective` back up data more precisely, use custom parameters, such as specific databases or tables. /// /// /// Continuous backup is essential for implementing Point-in-Time Recovery (PITR). @@ -46,6 +48,9 @@ pub struct ActionSetSpec { /// This field cannot be updated. #[serde(default, skip_serializing_if = "Option::is_none", rename = "envFrom")] pub env_from: Option>, + /// Specifies the schema of parameters in backups and restores before their usage. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "parametersSchema")] + pub parameters_schema: Option, /// Specifies the restore action. #[serde(default, skip_serializing_if = "Option::is_none")] pub restore: Option, @@ -67,6 +72,9 @@ pub struct ActionSetBackup { /// Note: The preDelete action job will ignore the env/envFrom. #[serde(default, skip_serializing_if = "Option::is_none", rename = "preDelete")] pub pre_delete: Option, + /// Specifies the parameters used by the backup action + #[serde(default, skip_serializing_if = "Option::is_none", rename = "withParameters")] + pub with_parameters: Option>, } /// Represents the action to be performed for backing up data. @@ -377,6 +385,19 @@ pub struct ActionSetEnvFromSecretRef { pub optional: Option, } +/// Specifies the schema of parameters in backups and restores before their usage. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ActionSetParametersSchema { + /// Defines the schema for parameters using the OpenAPI v3. + /// The supported property types include: + /// - string + /// - number + /// - integer + /// - array: Note that only items of string type are supported. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "openAPIV3Schema")] + pub open_apiv3_schema: Option>, +} + /// Specifies the restore action. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ActionSetRestore { @@ -389,6 +410,9 @@ pub struct ActionSetRestore { /// Specifies the action required to prepare data for restoration. #[serde(default, skip_serializing_if = "Option::is_none", rename = "prepareData")] pub prepare_data: Option, + /// Specifies the parameters used by the restore action + #[serde(default, skip_serializing_if = "Option::is_none", rename = "withParameters")] + pub with_parameters: Option>, } /// ActionSpec defines an action that should be executed. Only one of the fields may be set. diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs index 10b144ef3..f72547bea 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backups.rs @@ -41,6 +41,10 @@ pub struct BackupSpec { /// The current implementation only prevent accidental deletion of backup data. #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPolicy")] pub deletion_policy: Option, + /// Specifies a list of name-value pairs representing parameters and their corresponding values. + /// Parameters match the schema specified in the `actionset.spec.parametersSchema` + #[serde(default, skip_serializing_if = "Option::is_none")] + pub parameters: Option>, /// Determines the parent backup name for incremental or differential backup. #[serde(default, skip_serializing_if = "Option::is_none", rename = "parentBackupName")] pub parent_backup_name: Option, @@ -63,6 +67,14 @@ pub struct BackupSpec { pub retention_period: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackupParameters { + /// Represents the name of the parameter. + pub name: String, + /// Represents the parameter values. + pub value: String, +} + /// BackupStatus defines the observed state of Backup. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupStatus { diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backupschedules.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backupschedules.rs index 69cfa8d2e..065a67329 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backupschedules.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/backupschedules.rs @@ -42,6 +42,14 @@ pub struct BackupScheduleSchedules { /// Specifies whether the backup schedule is enabled or not. #[serde(default, skip_serializing_if = "Option::is_none")] pub enabled: Option, + /// Specifies the name of the schedule. Names cannot be duplicated. + /// If the name is empty, it will be considered the same as the value of the backupMethod below. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Specifies a list of name-value pairs representing parameters and their corresponding values. + /// Parameters match the schema specified in the `actionset.spec.parametersSchema` + #[serde(default, skip_serializing_if = "Option::is_none")] + pub parameters: Option>, /// Determines the duration for which the backup should be kept. /// KubeBlocks will remove all backups that are older than the RetentionPeriod. /// For example, RetentionPeriod of `30d` will keep only the backups of last 30 days. @@ -60,6 +68,14 @@ pub struct BackupScheduleSchedules { pub retention_period: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct BackupScheduleSchedulesParameters { + /// Represents the name of the parameter. + pub name: String, + /// Represents the parameter values. + pub value: String, +} + /// BackupScheduleStatus defines the observed state of BackupSchedule. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BackupScheduleStatus { diff --git a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs index d50cf9c76..e2cecd206 100644 --- a/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs +++ b/kube-custom-resources-rs/src/dataprotection_kubeblocks_io/v1alpha1/restores.rs @@ -42,6 +42,10 @@ pub struct RestoreSpec { /// The priority of merging is as follows: `Restore env > Backup env > ActionSet env`. #[serde(default, skip_serializing_if = "Option::is_none")] pub env: Option>, + /// Specifies a list of name-value pairs representing parameters and their corresponding values. + /// Parameters match the schema specified in the `actionset.spec.parametersSchema` + #[serde(default, skip_serializing_if = "Option::is_none")] + pub parameters: Option>, /// Configuration for the action of "prepareData" phase, including the persistent volume claims /// that need to be restored and scheduling strategy of temporary recovery pod. #[serde(default, skip_serializing_if = "Option::is_none", rename = "prepareDataConfig")] @@ -209,6 +213,14 @@ pub struct RestoreEnvValueFromSecretKeyRef { pub optional: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RestoreParameters { + /// Represents the name of the parameter. + pub name: String, + /// Represents the parameter values. + pub value: String, +} + /// Configuration for the action of "prepareData" phase, including the persistent volume claims /// that need to be restored and scheduling strategy of temporary recovery pod. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] diff --git a/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devicemodels.rs b/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devicemodels.rs index 68deb6f82..3cce23319 100644 --- a/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devicemodels.rs +++ b/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devicemodels.rs @@ -9,7 +9,8 @@ mod prelude { } use self::prelude::*; -/// DeviceModelSpec defines the model / template for a device.It is a blueprint which describes the device capabilities and access mechanism via property visitors. +/// DeviceModelSpec defines the model / template for a device.It is a blueprint which describes the device +/// capabilities and access mechanism via property visitors. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "devices.kubeedge.io", version = "v1alpha2", kind = "DeviceModel", plural = "devicemodels")] #[kube(namespaced)] diff --git a/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devices.rs b/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devices.rs index 908b88964..34b5535c1 100644 --- a/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devices.rs +++ b/kube-custom-resources-rs/src/devices_kubeedge_io/v1alpha2/devices.rs @@ -18,16 +18,20 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct DeviceSpec { - /// Data section describe a list of time-series properties which should be processed on edge node. + /// Data section describe a list of time-series properties which should be processed + /// on edge node. #[serde(default, skip_serializing_if = "Option::is_none")] pub data: Option, - /// Required: DeviceModelRef is reference to the device model used as a template to create the device instance. + /// Required: DeviceModelRef is reference to the device model used as a template + /// to create the device instance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceModelRef")] pub device_model_ref: Option, - /// NodeSelector indicates the binding preferences between devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details + /// NodeSelector indicates the binding preferences between devices and nodes. + /// Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option, - /// List of property visitors which describe how to access the device properties. PropertyVisitors must unique by propertyVisitor.propertyName. + /// List of property visitors which describe how to access the device properties. + /// PropertyVisitors must unique by propertyVisitor.propertyName. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyVisitors")] pub property_visitors: Option>, /// Required: The protocol configuration used to connect to the device. @@ -35,13 +39,16 @@ pub struct DeviceSpec { pub protocol: Option, } -/// Data section describe a list of time-series properties which should be processed on edge node. +/// Data section describe a list of time-series properties which should be processed +/// on edge node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceData { /// Required: A list of data properties, which are not required to be processed by edgecore #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataProperties")] pub data_properties: Option>, - /// Topic used by mapper, all data collected from dataProperties should be published to this topic, the default value is $ke/events/device/+/data/update + /// Topic used by mapper, all data collected from dataProperties + /// should be published to this topic, + /// the default value is $ke/events/device/+/data/update #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataTopic")] pub data_topic: Option, } @@ -52,20 +59,25 @@ pub struct DeviceDataDataProperties { /// Additional metadata like timestamp when the value was reported etc. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option>, - /// Required: The property name for which should be processed by external apps. This property should be present in the device model. + /// Required: The property name for which should be processed by external apps. + /// This property should be present in the device model. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyName")] pub property_name: Option, } -/// Required: DeviceModelRef is reference to the device model used as a template to create the device instance. +/// Required: DeviceModelRef is reference to the device model used as a template +/// to create the device instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceDeviceModelRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// NodeSelector indicates the binding preferences between devices and nodes. Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details +/// NodeSelector indicates the binding preferences between devices and nodes. +/// Refer to k8s.io/kubernetes/pkg/apis/core NodeSelector for more details #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceNodeSelector { /// Required. A list of node selector terms. The terms are ORed. @@ -73,7 +85,9 @@ pub struct DeviceNodeSelector { pub node_selector_terms: Vec, } -/// A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +/// A null or empty node selector term matches no objects. The requirements of +/// them are ANDed. +/// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceNodeSelectorNodeSelectorTerms { /// A list of node selector requirements by node's labels. @@ -84,31 +98,45 @@ pub struct DeviceNodeSelectorNodeSelectorTerms { pub match_fields: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceNodeSelectorNodeSelectorTermsMatchExpressions { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A node selector requirement is a selector that contains values, a key, and an operator +/// that relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceNodeSelectorNodeSelectorTermsMatchFields { /// The label key that the selector applies to. pub key: String, - /// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + /// Represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. pub operator: String, - /// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + /// An array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. If the operator is Gt or Lt, the values + /// array must have a single element, which will be interpreted as an integer. + /// This array is replaced during a strategic merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } -/// DevicePropertyVisitor describes the specifics of accessing a particular device property. Visitors are intended to be consumed by device mappers which connect to devices and collect data / perform actions on the device. +/// DevicePropertyVisitor describes the specifics of accessing a particular device +/// property. Visitors are intended to be consumed by device mappers which connect to devices +/// and collect data / perform actions on the device. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertyVisitors { /// Bluetooth represents a set of additional visitor config fields of bluetooth protocol. @@ -129,7 +157,8 @@ pub struct DevicePropertyVisitors { /// Opcua represents a set of additional visitor config fields of opc-ua protocol. #[serde(default, skip_serializing_if = "Option::is_none")] pub opcua: Option, - /// Required: The device property name to be accessed. This should refer to one of the device properties defined in the device model. + /// Required: The device property name to be accessed. This should refer to one of the + /// device properties defined in the device model. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyName")] pub property_name: Option, /// Define how frequent mapper will report the value. @@ -146,7 +175,8 @@ pub struct DevicePropertyVisitorsBluetooth { /// Responsible for converting the data being read from the bluetooth device into a form that is understandable by the platform #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataConverter")] pub data_converter: Option, - /// Responsible for converting the data coming from the platform into a form that is understood by the bluetooth device For example: "ON":[1], "OFF":[0] + /// Responsible for converting the data coming from the platform into a form that is understood by the bluetooth device + /// For example: "ON":[1], "OFF":[0] #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataWrite")] pub data_write: Option>, } @@ -154,7 +184,8 @@ pub struct DevicePropertyVisitorsBluetooth { /// Responsible for converting the data being read from the bluetooth device into a form that is understandable by the platform #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertyVisitorsBluetoothDataConverter { - /// Required: Specifies the end index of incoming byte stream to be considered to convert the data the value specified should be inclusive for example if 3 is specified it includes the third index + /// Required: Specifies the end index of incoming byte stream to be considered to convert the data + /// the value specified should be inclusive for example if 3 is specified it includes the third index #[serde(default, skip_serializing_if = "Option::is_none", rename = "endIndex")] pub end_index: Option, /// Specifies in what order the operations(which are required to be performed to convert incoming data into understandable form) are performed @@ -166,7 +197,8 @@ pub struct DevicePropertyVisitorsBluetoothDataConverter { /// Refers to the number of bits to shift right, if right-shift operation is necessary for conversion #[serde(default, skip_serializing_if = "Option::is_none", rename = "shiftRight")] pub shift_right: Option, - /// Required: Specifies the start index of the incoming byte stream to be considered to convert the data. For example: start-index:2, end-index:3 concatenates the value present at second and third index of the incoming byte stream. If we want to reverse the order we can give it as start-index:3, end-index:2 + /// Required: Specifies the start index of the incoming byte stream to be considered to convert the data. + /// For example: start-index:2, end-index:3 concatenates the value present at second and third index of the incoming byte stream. If we want to reverse the order we can give it as start-index:3, end-index:2 #[serde(default, skip_serializing_if = "Option::is_none", rename = "startIndex")] pub start_index: Option, } @@ -196,10 +228,12 @@ pub struct DevicePropertyVisitorsCustomizedProtocol { /// Modbus represents a set of additional visitor config fields of modbus protocol. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertyVisitorsModbus { - /// Indicates whether the high and low register swapped. Defaults to false. + /// Indicates whether the high and low register swapped. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "isRegisterSwap")] pub is_register_swap: Option, - /// Indicates whether the high and low byte swapped. Defaults to false. + /// Indicates whether the high and low byte swapped. + /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "isSwap")] pub is_swap: Option, /// Required: Limit number of registers to read/write. @@ -211,7 +245,8 @@ pub struct DevicePropertyVisitorsModbus { /// Required: Type of register #[serde(default, skip_serializing_if = "Option::is_none")] pub register: Option, - /// The scale to convert raw property data into final units. Defaults to 1.0 + /// The scale to convert raw property data into final units. + /// Defaults to 1.0 #[serde(default, skip_serializing_if = "Option::is_none")] pub scale: Option, } @@ -406,7 +441,8 @@ pub struct DeviceProtocolCustomizedProtocol { /// Any config data #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] pub config_data: Option>, - /// Unique protocol name Required. + /// Unique protocol name + /// Required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protocolName")] pub protocol_name: Option, } @@ -451,18 +487,26 @@ pub struct DeviceProtocolOpcua { /// DeviceStatus reports the device state and the desired/reported values of twin attributes. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceStatus { - /// A list of device twins containing desired/reported desired/reported values of twin properties. Optional: A passive device won't have twin properties and this list could be empty. + /// A list of device twins containing desired/reported desired/reported values of twin properties. + /// Optional: A passive device won't have twin properties and this list could be empty. #[serde(default, skip_serializing_if = "Option::is_none")] pub twins: Option>, } -/// Twin provides a logical representation of control properties (writable properties in the device model). The properties can have a Desired state and a Reported state. The cloud configures the `Desired`state of a device property and this configuration update is pushed to the edge node. The mapper sends a command to the device to change this property value as per the desired state . It receives the `Reported` state of the property once the previous operation is complete and sends the reported state to the cloud. Offline device interaction in the edge is possible via twin properties for control/command operations. +/// Twin provides a logical representation of control properties (writable properties in the +/// device model). The properties can have a Desired state and a Reported state. The cloud configures +/// the `Desired`state of a device property and this configuration update is pushed to the edge node. +/// The mapper sends a command to the device to change this property value as per the desired state . +/// It receives the `Reported` state of the property once the previous operation is complete and sends +/// the reported state to the cloud. Offline device interaction in the edge is possible via twin +/// properties for control/command operations. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceStatusTwins { /// Required: the desired property value. #[serde(default, skip_serializing_if = "Option::is_none")] pub desired: Option, - /// Required: The property name for which the desired/reported values are specified. This property should be present in the device model. + /// Required: The property name for which the desired/reported values are specified. + /// This property should be present in the device model. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyName")] pub property_name: Option, /// Required: the reported property value. diff --git a/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devicemodels.rs b/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devicemodels.rs index 0ee8ffaae..55d23c908 100644 --- a/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devicemodels.rs +++ b/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devicemodels.rs @@ -9,7 +9,8 @@ mod prelude { } use self::prelude::*; -/// DeviceModelSpec defines the model for a device.It is a blueprint which describes the device capabilities and access mechanism via property visitors. +/// DeviceModelSpec defines the model for a device.It is a blueprint which describes the device +/// capabilities and access mechanism via property visitors. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "devices.kubeedge.io", version = "v1beta1", kind = "DeviceModel", plural = "devicemodels")] #[kube(namespaced)] @@ -38,7 +39,8 @@ pub struct DeviceModelProperties { pub maximum: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub minimum: Option, - /// Required: The device property name. Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo + /// Required: The device property name. + /// Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Required: Type of device property, ENUM: INT,FLOAT,DOUBLE,STRING,BOOLEAN,BYTES,STREAM diff --git a/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devices.rs b/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devices.rs index 0b542e844..a4e058816 100644 --- a/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devices.rs +++ b/kube-custom-resources-rs/src/devices_kubeedge_io/v1beta1/devices.rs @@ -18,16 +18,21 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct DeviceSpec { - /// Required: DeviceModelRef is reference to the device model used as a template to create the device instance. + /// Required: DeviceModelRef is reference to the device model used as a template + /// to create the device instance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "deviceModelRef")] pub device_model_ref: Option, - /// List of methods of device. methods list item must be unique by method.Name. + /// List of methods of device. + /// methods list item must be unique by method.Name. #[serde(default, skip_serializing_if = "Option::is_none")] pub methods: Option>, - /// NodeName is a request to schedule this device onto a specific node. If it is non-empty, the scheduler simply schedules this device onto that node, assuming that it fits resource requirements. + /// NodeName is a request to schedule this device onto a specific node. If it is non-empty, + /// the scheduler simply schedules this device onto that node, assuming that it fits + /// resource requirements. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeName")] pub node_name: Option, - /// List of properties which describe the device properties. properties list item must be unique by properties.Name. + /// List of properties which describe the device properties. + /// properties list item must be unique by properties.Name. #[serde(default, skip_serializing_if = "Option::is_none")] pub properties: Option>, /// Required: The protocol configuration used to connect to the device. @@ -35,10 +40,13 @@ pub struct DeviceSpec { pub protocol: Option, } -/// Required: DeviceModelRef is reference to the device model used as a template to create the device instance. +/// Required: DeviceModelRef is reference to the device model used as a template +/// to create the device instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceDeviceModelRef { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -52,7 +60,8 @@ pub struct DeviceMethods { /// Required: The device method name to be accessed. It must be unique. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// PropertyNames are list of device properties that device methods can control. Required: A device method can control multiple device properties. + /// PropertyNames are list of device properties that device methods can control. + /// Required: A device method can control multiple device properties. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyNames")] pub property_names: Option>, } @@ -66,10 +75,12 @@ pub struct DeviceProperties { /// The desired property value. #[serde(default, skip_serializing_if = "Option::is_none")] pub desired: Option, - /// Required: The device property name to be accessed. It must be unique. Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo + /// Required: The device property name to be accessed. It must be unique. + /// Note: If you need to use the built-in stream data processing function, you need to define Name as saveFrame or saveVideo #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// PushMethod represents the protocol used to push data, please ensure that the mapper can access the destination address. + /// PushMethod represents the protocol used to push data, + /// please ensure that the mapper can access the destination address. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pushMethod")] pub push_method: Option, /// Define how frequent mapper will report the value. @@ -78,7 +89,9 @@ pub struct DeviceProperties { /// whether be reported to the cloud #[serde(default, skip_serializing_if = "Option::is_none", rename = "reportToCloud")] pub report_to_cloud: Option, - /// Visitors are intended to be consumed by device mappers which connect to devices and collect data / perform actions on the device. Required: Protocol relevant config details about the how to access the device property. + /// Visitors are intended to be consumed by device mappers which connect to devices + /// and collect data / perform actions on the device. + /// Required: Protocol relevant config details about the how to access the device property. #[serde(default, skip_serializing_if = "Option::is_none")] pub visitors: Option, } @@ -93,10 +106,12 @@ pub struct DevicePropertiesDesired { pub value: String, } -/// PushMethod represents the protocol used to push data, please ensure that the mapper can access the destination address. +/// PushMethod represents the protocol used to push data, +/// please ensure that the mapper can access the destination address. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertiesPushMethod { - /// DBMethod represents the method used to push data to database, please ensure that the mapper can access the destination address. + /// DBMethod represents the method used to push data to database, + /// please ensure that the mapper can access the destination address. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dbMethod")] pub db_method: Option, /// HTTP Push method configuration for http @@ -110,7 +125,8 @@ pub struct DevicePropertiesPushMethod { pub otel: Option, } -/// DBMethod represents the method used to push data to database, please ensure that the mapper can access the destination address. +/// DBMethod represents the method used to push data to database, +/// please ensure that the mapper can access the destination address. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertiesPushMethodDbMethod { #[serde(default, skip_serializing_if = "Option::is_none", rename = "TDEngine")] @@ -262,7 +278,9 @@ pub struct DevicePropertiesPushMethodOtel { pub endpoint_url: Option, } -/// Visitors are intended to be consumed by device mappers which connect to devices and collect data / perform actions on the device. Required: Protocol relevant config details about the how to access the device property. +/// Visitors are intended to be consumed by device mappers which connect to devices +/// and collect data / perform actions on the device. +/// Required: Protocol relevant config details about the how to access the device property. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DevicePropertiesVisitors { /// Required: The configData of customized protocol @@ -279,7 +297,8 @@ pub struct DeviceProtocol { /// Any config data #[serde(default, skip_serializing_if = "Option::is_none", rename = "configData")] pub config_data: Option>, - /// Unique protocol name Required. + /// Unique protocol name + /// Required. #[serde(default, skip_serializing_if = "Option::is_none", rename = "protocolName")] pub protocol_name: Option, } @@ -299,18 +318,30 @@ pub struct DeviceStatus { /// Optional: The state of the device. #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, - /// A list of device twins containing desired/reported desired/reported values of twin properties. Optional: A passive device won't have twin properties and this list could be empty. + /// A list of device twins containing desired/reported desired/reported values of twin properties. + /// Optional: A passive device won't have twin properties and this list could be empty. #[serde(default, skip_serializing_if = "Option::is_none")] pub twins: Option>, } -/// Twin provides a logical representation of control properties (writable properties in the device model). The properties can have a Desired state and a Reported state. The cloud configures the `Desired`state of a device property and this configuration update is pushed to the edge node. The mapper sends a command to the device to change this property value as per the desired state . It receives the `Reported` state of the property once the previous operation is complete and sends the reported state to the cloud. Offline device interaction in the edge is possible via twin properties for control/command operations. +/// Twin provides a logical representation of control properties (writable properties in the +/// device model). The properties can have a Desired state and a Reported state. The cloud configures +/// the `Desired`state of a device property and this configuration update is pushed to the edge node. +/// The mapper sends a command to the device to change this property value as per the desired state . +/// It receives the `Reported` state of the property once the previous operation is complete and sends +/// the reported state to the cloud. Offline device interaction in the edge is possible via twin +/// properties for control/command operations. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceStatusTwins { - /// The meaning of here is to indicate desired value of `deviceProperty.Desired` that the mapper has received in current cycle. Useful in cases that people want to check whether the mapper is working appropriately and its internal status is up-to-date. This value should be only updated by devicecontroller upstream. + /// The meaning of here is to indicate desired value of `deviceProperty.Desired` + /// that the mapper has received in current cycle. + /// Useful in cases that people want to check whether the mapper is working + /// appropriately and its internal status is up-to-date. + /// This value should be only updated by devicecontroller upstream. #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedDesired")] pub observed_desired: Option, - /// Required: The property name for which the desired/reported values are specified. This property should be present in the device model. + /// Required: The property name for which the desired/reported values are specified. + /// This property should be present in the device model. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propertyName")] pub property_name: Option, /// Required: the reported property value. @@ -318,7 +349,11 @@ pub struct DeviceStatusTwins { pub reported: Option, } -/// The meaning of here is to indicate desired value of `deviceProperty.Desired` that the mapper has received in current cycle. Useful in cases that people want to check whether the mapper is working appropriately and its internal status is up-to-date. This value should be only updated by devicecontroller upstream. +/// The meaning of here is to indicate desired value of `deviceProperty.Desired` +/// that the mapper has received in current cycle. +/// Useful in cases that people want to check whether the mapper is working +/// appropriately and its internal status is up-to-date. +/// This value should be only updated by devicecontroller upstream. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct DeviceStatusTwinsObservedDesired { /// Additional metadata like timestamp when the value was reported etc. diff --git a/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs b/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs index 454dd4c61..0722caaed 100644 --- a/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs +++ b/kube-custom-resources-rs/src/digitalis_io/v1/valssecrets.rs @@ -24,6 +24,8 @@ pub struct ValsSecretSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, #[serde(default, skip_serializing_if = "Option::is_none")] + pub rollout: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] pub template: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub ttl: Option, @@ -36,7 +38,8 @@ pub struct ValsSecretData { /// Encoding type for the secret. Only base64 supported. Optional #[serde(default, skip_serializing_if = "Option::is_none")] pub encoding: Option, - /// Ref value to the secret in the format ref+backend://path https://github.com/helmfile/vals + /// Ref value to the secret in the format ref+backend://path + /// https://github.com/helmfile/vals #[serde(default, skip_serializing_if = "Option::is_none", rename = "ref")] pub r#ref: Option, } @@ -82,6 +85,15 @@ pub struct ValsSecretDatabasesLoginCredentials { pub username_key: Option, } +/// RolloutTarget sets up what deployment or sts to restart +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ValsSecretRollout { + /// Kind is either Deployment, Pod or StatefulSet + pub kind: String, + /// Name is the object name + pub name: String, +} + /// ValsSecretStatus defines the observed state of ValsSecret #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ValsSecretStatus { diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/clustersecretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/clustersecretstores.rs index 00419764b..48588acd3 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/clustersecretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/clustersecretstores.rs @@ -139,15 +139,15 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuth { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuthSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -165,8 +165,8 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuthServiceA pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -178,11 +178,11 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessID")] pub access_id: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessType")] pub access_type: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTypeParam")] pub access_type_param: Option, @@ -191,49 +191,49 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessType { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypeParam { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -241,7 +241,7 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypePar /// The provider for the CA bundle to use to validate Akeyless Gateway certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -309,15 +309,15 @@ pub struct ClusterSecretStoreProviderAlibabaAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -325,15 +325,15 @@ pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { /// The AccessKeySecret is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeySecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -387,8 +387,8 @@ pub struct ClusterSecretStoreProviderAwsAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -408,15 +408,15 @@ pub struct ClusterSecretStoreProviderAwsAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -424,15 +424,15 @@ pub struct ClusterSecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -485,15 +485,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRef { /// The Azure clientId of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -501,15 +501,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientId { /// The Azure ClientSecret of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -533,8 +533,8 @@ pub struct ClusterSecretStoreProviderAzurekvServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -586,15 +586,15 @@ pub struct ClusterSecretStoreProviderGcpsmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderGcpsmAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -622,8 +622,8 @@ pub struct ClusterSecretStoreProviderGcpsmAuthWorkloadIdentityServiceAccountRef pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -658,15 +658,15 @@ pub struct ClusterSecretStoreProviderGitlabAuthSecretRef { /// AccessToken is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderGitlabAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -698,15 +698,15 @@ pub struct ClusterSecretStoreProviderIbmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderIbmAuthSecretRefSecretApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -741,46 +741,46 @@ pub struct ClusterSecretStoreProviderKubernetesAuth { /// has both clientCert and clientKey as secretKeySelector #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCert { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] pub client_cert: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] pub client_key: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCertClientKey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -803,8 +803,8 @@ pub struct ClusterSecretStoreProviderKubernetesAuthServiceAccountServiceAccount pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -812,25 +812,25 @@ pub struct ClusterSecretStoreProviderKubernetesAuthServiceAccountServiceAccount /// use static token to authenticate with #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthToken { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthTokenBearerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -852,7 +852,7 @@ pub struct ClusterSecretStoreProviderKubernetesServer { /// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesServerCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -929,15 +929,15 @@ pub struct ClusterSecretStoreProviderOracleAuthSecretRef { /// Fingerprint is the fingerprint of the API private key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOracleAuthSecretRefFingerprint { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -945,15 +945,15 @@ pub struct ClusterSecretStoreProviderOracleAuthSecretRefFingerprint { /// PrivateKey is the user's API Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOracleAuthSecretRefPrivatekey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -979,8 +979,8 @@ pub struct ClusterSecretStoreProviderOracleServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1013,15 +1013,15 @@ pub struct ClusterSecretStoreProviderPassworddepotAuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPassworddepotAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1124,15 +1124,15 @@ pub struct ClusterSecretStoreProviderVaultAuthAppRole { /// resource is used as the app role secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthAppRoleSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1155,15 +1155,15 @@ pub struct ClusterSecretStoreProviderVaultAuthCert { /// authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1172,15 +1172,15 @@ pub struct ClusterSecretStoreProviderVaultAuthCertClientCert { /// authenticate with Vault using the Cert authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1236,8 +1236,8 @@ pub struct ClusterSecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenSe pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1246,15 +1246,15 @@ pub struct ClusterSecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenSe /// authenticate with Vault using the JWT/OIDC authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1290,15 +1290,15 @@ pub struct ClusterSecretStoreProviderVaultAuthKubernetes { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthKubernetesSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1316,8 +1316,8 @@ pub struct ClusterSecretStoreProviderVaultAuthKubernetesServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1344,15 +1344,15 @@ pub struct ClusterSecretStoreProviderVaultAuthLdap { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthLdapSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1360,15 +1360,15 @@ pub struct ClusterSecretStoreProviderVaultAuthLdapSecretRef { /// TokenSecretRef authenticates with Vault by presenting a token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1376,7 +1376,7 @@ pub struct ClusterSecretStoreProviderVaultAuthTokenSecretRef { /// The provider for the CA bundle to use to validate Vault server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterSecretStoreProviderVaultCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -1442,7 +1442,7 @@ pub struct ClusterSecretStoreProviderWebhook { /// The provider for the CA bundle to use to validate webhook server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterSecretStoreProviderWebhookCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -1482,15 +1482,15 @@ pub struct ClusterSecretStoreProviderWebhookSecrets { /// Secret ref to fill in credentials #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderWebhookSecretsSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1519,15 +1519,15 @@ pub struct ClusterSecretStoreProviderYandexlockboxAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1535,25 +1535,25 @@ pub struct ClusterSecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs index 525d60145..40407f6ba 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/externalsecrets.rs @@ -46,6 +46,7 @@ pub struct ExternalSecretData { /// ExternalSecretDataRemoteRef defines Provider data location. #[serde(rename = "remoteRef")] pub remote_ref: ExternalSecretDataRemoteRef, + /// The key in the Kubernetes Secret to store the value. #[serde(rename = "secretKey")] pub secret_key: String, } @@ -102,24 +103,31 @@ pub struct ExternalSecretSecretStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretSecretStoreRefKind { + SecretStore, + ClusterSecretStore, } /// ExternalSecretTarget defines the Kubernetes Secret to be created /// There can be only one target per ExternalSecret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTarget { - /// CreationPolicy defines rules on how to create the resulting Secret - /// Defaults to 'Owner' + /// CreationPolicy defines rules on how to create the resulting Secret. + /// Defaults to "Owner" #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationPolicy")] pub creation_policy: Option, /// Immutable defines if the final secret will be immutable #[serde(default, skip_serializing_if = "Option::is_none")] pub immutable: Option, - /// Name defines the name of the Secret resource to be managed - /// This field is immutable + /// The name of the Secret resource to be managed. /// Defaults to the .metadata.name of the ExternalSecret resource #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -184,23 +192,29 @@ pub struct ExternalSecretTargetTemplateTemplateFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromConfigMap { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromConfigMapItems { + /// A key in the ConfigMap/Secret pub key: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromSecret { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromSecretItems { + /// A key in the ConfigMap/Secret pub key: String, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/secretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/secretstores.rs index d0dbd85dc..a844abfdc 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/secretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1alpha1/secretstores.rs @@ -140,15 +140,15 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuth { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuthSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -166,8 +166,8 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuthServiceAccountR pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -179,11 +179,11 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessID")] pub access_id: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessType")] pub access_type: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTypeParam")] pub access_type_param: Option, @@ -192,49 +192,49 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessType { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypeParam { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -242,7 +242,7 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypeParam { /// The provider for the CA bundle to use to validate Akeyless Gateway certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct SecretStoreProviderAkeylessCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -310,15 +310,15 @@ pub struct SecretStoreProviderAlibabaAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -326,15 +326,15 @@ pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { /// The AccessKeySecret is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeySecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -388,8 +388,8 @@ pub struct SecretStoreProviderAwsAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -409,15 +409,15 @@ pub struct SecretStoreProviderAwsAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -425,15 +425,15 @@ pub struct SecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -486,15 +486,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRef { /// The Azure clientId of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -502,15 +502,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRefClientId { /// The Azure ClientSecret of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -534,8 +534,8 @@ pub struct SecretStoreProviderAzurekvServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -587,15 +587,15 @@ pub struct SecretStoreProviderGcpsmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderGcpsmAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -623,8 +623,8 @@ pub struct SecretStoreProviderGcpsmAuthWorkloadIdentityServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -659,15 +659,15 @@ pub struct SecretStoreProviderGitlabAuthSecretRef { /// AccessToken is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderGitlabAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -699,15 +699,15 @@ pub struct SecretStoreProviderIbmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderIbmAuthSecretRefSecretApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -742,46 +742,46 @@ pub struct SecretStoreProviderKubernetesAuth { /// has both clientCert and clientKey as secretKeySelector #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCert { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] pub client_cert: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] pub client_key: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCertClientKey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -804,8 +804,8 @@ pub struct SecretStoreProviderKubernetesAuthServiceAccountServiceAccount { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -813,25 +813,25 @@ pub struct SecretStoreProviderKubernetesAuthServiceAccountServiceAccount { /// use static token to authenticate with #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthToken { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthTokenBearerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -853,7 +853,7 @@ pub struct SecretStoreProviderKubernetesServer { /// see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct SecretStoreProviderKubernetesServerCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -930,15 +930,15 @@ pub struct SecretStoreProviderOracleAuthSecretRef { /// Fingerprint is the fingerprint of the API private key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOracleAuthSecretRefFingerprint { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -946,15 +946,15 @@ pub struct SecretStoreProviderOracleAuthSecretRefFingerprint { /// PrivateKey is the user's API Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOracleAuthSecretRefPrivatekey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -980,8 +980,8 @@ pub struct SecretStoreProviderOracleServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1014,15 +1014,15 @@ pub struct SecretStoreProviderPassworddepotAuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPassworddepotAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1125,15 +1125,15 @@ pub struct SecretStoreProviderVaultAuthAppRole { /// resource is used as the app role secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthAppRoleSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1156,15 +1156,15 @@ pub struct SecretStoreProviderVaultAuthCert { /// authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1173,15 +1173,15 @@ pub struct SecretStoreProviderVaultAuthCertClientCert { /// authenticate with Vault using the Cert authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1237,8 +1237,8 @@ pub struct SecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenServiceAc pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1247,15 +1247,15 @@ pub struct SecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenServiceAc /// authenticate with Vault using the JWT/OIDC authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1291,15 +1291,15 @@ pub struct SecretStoreProviderVaultAuthKubernetes { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthKubernetesSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1317,8 +1317,8 @@ pub struct SecretStoreProviderVaultAuthKubernetesServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1345,15 +1345,15 @@ pub struct SecretStoreProviderVaultAuthLdap { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthLdapSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1361,15 +1361,15 @@ pub struct SecretStoreProviderVaultAuthLdapSecretRef { /// TokenSecretRef authenticates with Vault by presenting a token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1377,7 +1377,7 @@ pub struct SecretStoreProviderVaultAuthTokenSecretRef { /// The provider for the CA bundle to use to validate Vault server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct SecretStoreProviderVaultCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -1443,7 +1443,7 @@ pub struct SecretStoreProviderWebhook { /// The provider for the CA bundle to use to validate webhook server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct SecretStoreProviderWebhookCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -1483,15 +1483,15 @@ pub struct SecretStoreProviderWebhookSecrets { /// Secret ref to fill in credentials #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderWebhookSecretsSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1520,15 +1520,15 @@ pub struct SecretStoreProviderYandexlockboxAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1536,25 +1536,25 @@ pub struct SecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs index 28ca0c70c..f62fc8800 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clusterexternalsecrets.rs @@ -21,7 +21,8 @@ pub struct ClusterExternalSecretSpec { /// The metadata of the external secrets to be created #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalSecretMetadata")] pub external_secret_metadata: Option, - /// The name of the external secrets to be created defaults to the name of the ClusterExternalSecret + /// The name of the external secrets to be created. + /// Defaults to the name of the ClusterExternalSecret #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalSecretName")] pub external_secret_name: Option, /// The spec for the ExternalSecrets to be created @@ -61,8 +62,10 @@ pub struct ClusterExternalSecretExternalSecretSpec { /// If multiple entries are specified, the Secret keys are merged in the specified order #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataFrom")] pub data_from: Option>, - /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider + /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + /// specified as Golang Duration strings. /// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + /// Example values: "1h", "2h30m", "5d", "10s" /// May be set to zero to fetch and create it once. Defaults to 1h. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, @@ -82,12 +85,11 @@ pub struct ClusterExternalSecretExternalSecretSpecData { /// which secret (version/property/..) to fetch. #[serde(rename = "remoteRef")] pub remote_ref: ClusterExternalSecretExternalSecretSpecDataRemoteRef, - /// SecretKey defines the key in which the controller stores - /// the value. This is the key in the Kind=Secret + /// The key in the Kubernetes Secret to store the value. #[serde(rename = "secretKey")] pub secret_key: String, /// SourceRef allows you to override the source - /// from which the value will pulled from. + /// from which the value will be pulled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceRef")] pub source_ref: Option, } @@ -143,7 +145,7 @@ pub enum ClusterExternalSecretExternalSecretSpecDataRemoteRefMetadataPolicy { } /// SourceRef allows you to override the source -/// from which the value will pulled from. +/// from which the value will be pulled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecDataSourceRef { /// GeneratorRef points to a generator custom resource. @@ -161,26 +163,58 @@ pub struct ClusterExternalSecretExternalSecretSpecDataSourceRef { /// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecDataSourceRefGeneratorRef { /// Specify the apiVersion of the generator resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. - pub kind: String, + /// Specify the Kind of the generator resource + pub kind: ClusterExternalSecretExternalSecretSpecDataSourceRefGeneratorRefKind, /// Specify the name of the generator resource pub name: String, } +/// GeneratorRef points to a generator custom resource. +/// +/// Deprecated: The generatorRef is not implemented in .data[]. +/// this will be removed with v1. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterExternalSecretExternalSecretSpecDataSourceRefGeneratorRefKind { + #[serde(rename = "ACRAccessToken")] + AcrAccessToken, + ClusterGenerator, + #[serde(rename = "ECRAuthorizationToken")] + EcrAuthorizationToken, + Fake, + #[serde(rename = "GCRAccessToken")] + GcrAccessToken, + GithubAccessToken, + Password, + #[serde(rename = "STSSessionToken")] + StsSessionToken, + #[serde(rename = "UUID")] + Uuid, + VaultDynamicSecret, + Webhook, +} + /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecDataSourceRefStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterExternalSecretExternalSecretSpecDataSourceRefStoreRefKind { + SecretStore, + ClusterSecretStore, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -353,26 +387,55 @@ pub struct ClusterExternalSecretExternalSecretSpecDataFromSourceRef { } /// GeneratorRef points to a generator custom resource. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecDataFromSourceRefGeneratorRef { /// Specify the apiVersion of the generator resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. - pub kind: String, + /// Specify the Kind of the generator resource + pub kind: ClusterExternalSecretExternalSecretSpecDataFromSourceRefGeneratorRefKind, /// Specify the name of the generator resource pub name: String, } +/// GeneratorRef points to a generator custom resource. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterExternalSecretExternalSecretSpecDataFromSourceRefGeneratorRefKind { + #[serde(rename = "ACRAccessToken")] + AcrAccessToken, + ClusterGenerator, + #[serde(rename = "ECRAuthorizationToken")] + EcrAuthorizationToken, + Fake, + #[serde(rename = "GCRAccessToken")] + GcrAccessToken, + GithubAccessToken, + Password, + #[serde(rename = "STSSessionToken")] + StsSessionToken, + #[serde(rename = "UUID")] + Uuid, + VaultDynamicSecret, + Webhook, +} + /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecDataFromSourceRefStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterExternalSecretExternalSecretSpecDataFromSourceRefStoreRefKind { + SecretStore, + ClusterSecretStore, } /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. @@ -381,28 +444,35 @@ pub struct ClusterExternalSecretExternalSecretSpecSecretStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterExternalSecretExternalSecretSpecSecretStoreRefKind { + SecretStore, + ClusterSecretStore, } /// ExternalSecretTarget defines the Kubernetes Secret to be created /// There can be only one target per ExternalSecret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecTarget { - /// CreationPolicy defines rules on how to create the resulting Secret - /// Defaults to 'Owner' + /// CreationPolicy defines rules on how to create the resulting Secret. + /// Defaults to "Owner" #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationPolicy")] pub creation_policy: Option, - /// DeletionPolicy defines rules on how to delete the resulting Secret - /// Defaults to 'Retain' + /// DeletionPolicy defines rules on how to delete the resulting Secret. + /// Defaults to "Retain" #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPolicy")] pub deletion_policy: Option, /// Immutable defines if the final secret will be immutable #[serde(default, skip_serializing_if = "Option::is_none")] pub immutable: Option, - /// Name defines the name of the Secret resource to be managed - /// This field is immutable + /// The name of the Secret resource to be managed. /// Defaults to the .metadata.name of the ExternalSecret resource #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -490,12 +560,15 @@ pub struct ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFromConfigMap { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFromConfigMapItems { + /// A key in the ConfigMap/Secret pub key: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "templateAs")] pub template_as: Option, @@ -509,12 +582,15 @@ pub enum ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFromConfig #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFromSecret { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterExternalSecretExternalSecretSpecTargetTemplateTemplateFromSecretItems { + /// A key in the ConfigMap/Secret pub key: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "templateAs")] pub template_as: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs index 556e033ed..f5cfd74a0 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/clustersecretstores.rs @@ -248,15 +248,15 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuth { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuthSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -274,8 +274,8 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefKubernetesAuthServiceA pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -287,11 +287,11 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessID")] pub access_id: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessType")] pub access_type: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTypeParam")] pub access_type_param: Option, @@ -300,49 +300,49 @@ pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessType { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypeParam { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -419,15 +419,15 @@ pub struct ClusterSecretStoreProviderAlibabaAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -435,15 +435,15 @@ pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { /// The AccessKeySecret is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAlibabaAuthSecretRefAccessKeySecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -515,8 +515,8 @@ pub struct ClusterSecretStoreProviderAwsAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -541,15 +541,15 @@ pub struct ClusterSecretStoreProviderAwsAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -557,15 +557,15 @@ pub struct ClusterSecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -575,15 +575,15 @@ pub struct ClusterSecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { /// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAwsAuthSecretRefSessionTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -673,15 +673,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRef { /// The Azure ClientCertificate of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientCertificate { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -689,15 +689,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientCertificate { /// The Azure clientId of the service principle or managed identity used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -705,15 +705,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientId { /// The Azure ClientSecret of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -721,15 +721,15 @@ pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefClientSecret { /// The Azure tenantId of the managed identity used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderAzurekvAuthSecretRefTenantId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -763,8 +763,8 @@ pub struct ClusterSecretStoreProviderAzurekvServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -781,19 +781,51 @@ pub struct ClusterSecretStoreProviderBeyondtrust { /// Auth configures how the operator authenticates with Beyondtrust. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuth { - /// Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + /// APIKey If not provided then ClientID/ClientSecret become required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. #[serde(default, skip_serializing_if = "Option::is_none")] pub certificate: Option, /// Certificate private key (key.pem). For use when authenticating with an OAuth client Id #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateKey")] pub certificate_key: Option, - #[serde(rename = "clientId")] - pub client_id: ClusterSecretStoreProviderBeyondtrustAuthClientId, - #[serde(rename = "clientSecret")] - pub client_secret: ClusterSecretStoreProviderBeyondtrustAuthClientSecret, + /// ClientID is the API OAuth Client ID. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] + pub client_id: Option, + /// ClientSecret is the API OAuth Client Secret. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecret")] + pub client_secret: Option, } -/// Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. +/// APIKey If not provided then ClientID/ClientSecret become required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSecretStoreProviderBeyondtrustAuthApiKey { + /// SecretRef references a key in a secret that will be used as value. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// Value can be specified directly to set a value without using a secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// SecretRef references a key in a secret that will be used as value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterSecretStoreProviderBeyondtrustAuthApiKeySecretRef { + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// The name of the Secret resource being referred to. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthCertificate { /// SecretRef references a key in a secret that will be used as value. @@ -807,15 +839,15 @@ pub struct ClusterSecretStoreProviderBeyondtrustAuthCertificate { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthCertificateSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -834,19 +866,20 @@ pub struct ClusterSecretStoreProviderBeyondtrustAuthCertificateKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthCertificateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// ClientID is the API OAuth Client ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthClientId { /// SecretRef references a key in a secret that will be used as value. @@ -860,19 +893,20 @@ pub struct ClusterSecretStoreProviderBeyondtrustAuthClientId { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthClientIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// ClientSecret is the API OAuth Client Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthClientSecret { /// SecretRef references a key in a secret that will be used as value. @@ -886,15 +920,15 @@ pub struct ClusterSecretStoreProviderBeyondtrustAuthClientSecret { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBeyondtrustAuthClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -963,15 +997,15 @@ pub struct ClusterSecretStoreProviderBitwardensecretsmanagerAuthSecretRef { /// AccessToken used for the bitwarden instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderBitwardensecretsmanagerAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1031,15 +1065,15 @@ pub struct ClusterSecretStoreProviderChefAuthSecretRef { /// SecretKey is the Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderChefAuthSecretRefPrivateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1069,46 +1103,46 @@ pub struct ClusterSecretStoreProviderConjurAuth { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderConjurAuthApikey { pub account: String, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "apiKeyRef")] pub api_key_ref: ClusterSecretStoreProviderConjurAuthApikeyApiKeyRef, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "userRef")] pub user_ref: ClusterSecretStoreProviderConjurAuthApikeyUserRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderConjurAuthApikeyApiKeyRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderConjurAuthApikeyUserRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1137,15 +1171,15 @@ pub struct ClusterSecretStoreProviderConjurAuthJwt { /// authenticate with Conjur using the JWT authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderConjurAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1161,8 +1195,8 @@ pub struct ClusterSecretStoreProviderConjurAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1231,15 +1265,15 @@ pub struct ClusterSecretStoreProviderDelineaClientId { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderDelineaClientIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1258,15 +1292,15 @@ pub struct ClusterSecretStoreProviderDelineaClientSecret { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderDelineaClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1297,15 +1331,15 @@ pub struct ClusterSecretStoreProviderDevice42AuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderDevice42AuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1350,15 +1384,15 @@ pub struct ClusterSecretStoreProviderDopplerAuthSecretRef { /// The Key attribute defaults to dopplerToken if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderDopplerAuthSecretRefDopplerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1435,15 +1469,15 @@ pub struct ClusterSecretStoreProviderFortanixApiKey { /// SecretRef is a reference to a secret containing the SDKMS API Key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderFortanixApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1481,15 +1515,15 @@ pub struct ClusterSecretStoreProviderGcpsmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderGcpsmAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1517,8 +1551,8 @@ pub struct ClusterSecretStoreProviderGcpsmAuthWorkloadIdentityServiceAccountRef pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1562,15 +1596,15 @@ pub struct ClusterSecretStoreProviderGitlabAuthSecretRef { /// AccessToken is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderGitlabAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1617,15 +1651,15 @@ pub struct ClusterSecretStoreProviderIbmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderIbmAuthSecretRefSecretApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1650,46 +1684,46 @@ pub struct ClusterSecretStoreProviderInfisicalAuth { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderInfisicalAuthUniversalAuthCredentials { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientId")] pub client_id: ClusterSecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientId, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientSecret")] pub client_secret: ClusterSecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientSecret, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1709,7 +1743,7 @@ pub struct ClusterSecretStoreProviderInfisicalSecretsScope { /// KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKeepersecurity { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "authRef")] pub auth_ref: ClusterSecretStoreProviderKeepersecurityAuthRef, @@ -1717,19 +1751,19 @@ pub struct ClusterSecretStoreProviderKeepersecurity { pub folder_id: String, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKeepersecurityAuthRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1768,46 +1802,46 @@ pub struct ClusterSecretStoreProviderKubernetesAuth { /// has both clientCert and clientKey as secretKeySelector #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCert { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] pub client_cert: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] pub client_key: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthCertClientKey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1822,8 +1856,8 @@ pub struct ClusterSecretStoreProviderKubernetesAuthServiceAccount { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1831,25 +1865,25 @@ pub struct ClusterSecretStoreProviderKubernetesAuthServiceAccount { /// use static token to authenticate with #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthToken { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthTokenBearerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1857,15 +1891,15 @@ pub struct ClusterSecretStoreProviderKubernetesAuthTokenBearerToken { /// A reference to a secret that contains the auth information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderKubernetesAuthRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1938,15 +1972,15 @@ pub struct ClusterSecretStoreProviderOnboardbaseAuth { /// It is used to recognize and authorize access to a project and environment within onboardbase #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOnboardbaseAuthApiKeyRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1954,15 +1988,15 @@ pub struct ClusterSecretStoreProviderOnboardbaseAuthApiKeyRef { /// OnboardbasePasscode is the passcode attached to the API Key #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOnboardbaseAuthPasscodeRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1998,15 +2032,15 @@ pub struct ClusterSecretStoreProviderOnepasswordAuthSecretRef { /// The ConnectToken is used for authentication to a 1Password Connect Server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOnepasswordAuthSecretRefConnectTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2066,15 +2100,15 @@ pub struct ClusterSecretStoreProviderOracleAuthSecretRef { /// Fingerprint is the fingerprint of the API private key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOracleAuthSecretRefFingerprint { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2082,15 +2116,15 @@ pub struct ClusterSecretStoreProviderOracleAuthSecretRefFingerprint { /// PrivateKey is the user's API Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderOracleAuthSecretRefPrivatekey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2116,8 +2150,8 @@ pub struct ClusterSecretStoreProviderOracleServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2133,46 +2167,46 @@ pub struct ClusterSecretStoreProviderPassbolt { /// Auth defines the information necessary to authenticate against Passbolt Server #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPassboltAuth { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "passwordSecretRef")] pub password_secret_ref: ClusterSecretStoreProviderPassboltAuthPasswordSecretRef, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "privateKeySecretRef")] pub private_key_secret_ref: ClusterSecretStoreProviderPassboltAuthPrivateKeySecretRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPassboltAuthPasswordSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPassboltAuthPrivateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2205,15 +2239,15 @@ pub struct ClusterSecretStoreProviderPassworddepotAuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPassworddepotAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2246,15 +2280,15 @@ pub struct ClusterSecretStoreProviderPreviderAuthSecretRef { /// The AccessToken is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPreviderAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2291,15 +2325,15 @@ pub struct ClusterSecretStoreProviderPulumiAccessToken { /// SecretRef is a reference to a secret containing the Pulumi API token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderPulumiAccessTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2337,15 +2371,15 @@ pub struct ClusterSecretStoreProviderScalewayAccessKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderScalewayAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2364,15 +2398,15 @@ pub struct ClusterSecretStoreProviderScalewaySecretKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderScalewaySecretKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2405,15 +2439,15 @@ pub struct ClusterSecretStoreProviderSecretserverPassword { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderSecretserverPasswordSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2432,15 +2466,15 @@ pub struct ClusterSecretStoreProviderSecretserverUsername { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderSecretserverUsernameSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2464,25 +2498,25 @@ pub struct ClusterSecretStoreProviderSenhasegura { pub struct ClusterSecretStoreProviderSenhaseguraAuth { #[serde(rename = "clientId")] pub client_id: String, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientSecretSecretRef")] pub client_secret_secret_ref: ClusterSecretStoreProviderSenhaseguraAuthClientSecretSecretRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderSenhaseguraAuthClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2615,15 +2649,15 @@ pub struct ClusterSecretStoreProviderVaultAuthAppRole { /// resource is used as the app role id. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthAppRoleRoleRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2634,15 +2668,15 @@ pub struct ClusterSecretStoreProviderVaultAuthAppRoleRoleRef { /// resource is used as the app role secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthAppRoleSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2665,15 +2699,15 @@ pub struct ClusterSecretStoreProviderVaultAuthCert { /// authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2682,15 +2716,15 @@ pub struct ClusterSecretStoreProviderVaultAuthCertClientCert { /// authenticate with Vault using the Cert authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2743,8 +2777,8 @@ pub struct ClusterSecretStoreProviderVaultAuthIamJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2768,15 +2802,15 @@ pub struct ClusterSecretStoreProviderVaultAuthIamSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthIamSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2784,15 +2818,15 @@ pub struct ClusterSecretStoreProviderVaultAuthIamSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthIamSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2802,15 +2836,15 @@ pub struct ClusterSecretStoreProviderVaultAuthIamSecretRefSecretAccessKeySecretR /// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthIamSecretRefSessionTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2868,8 +2902,8 @@ pub struct ClusterSecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenSe pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2878,15 +2912,15 @@ pub struct ClusterSecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenSe /// authenticate with Vault using the JWT/OIDC authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2922,15 +2956,15 @@ pub struct ClusterSecretStoreProviderVaultAuthKubernetes { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthKubernetesSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2948,8 +2982,8 @@ pub struct ClusterSecretStoreProviderVaultAuthKubernetesServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2976,15 +3010,15 @@ pub struct ClusterSecretStoreProviderVaultAuthLdap { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthLdapSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2992,15 +3026,15 @@ pub struct ClusterSecretStoreProviderVaultAuthLdapSecretRef { /// TokenSecretRef authenticates with Vault by presenting a token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3026,15 +3060,15 @@ pub struct ClusterSecretStoreProviderVaultAuthUserPass { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultAuthUserPassSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3087,15 +3121,15 @@ pub struct ClusterSecretStoreProviderVaultTls { /// If no key for the Secret is specified, external-secret will default to 'tls.crt'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultTlsCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3105,15 +3139,15 @@ pub struct ClusterSecretStoreProviderVaultTlsCertSecretRef { /// If no key for the Secret is specified, external-secret will default to 'tls.key'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderVaultTlsKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3164,7 +3198,7 @@ pub struct ClusterSecretStoreProviderWebhook { /// The provider for the CA bundle to use to validate webhook server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ClusterSecretStoreProviderWebhookCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -3204,15 +3238,15 @@ pub struct ClusterSecretStoreProviderWebhookSecrets { /// Secret ref to fill in credentials #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderWebhookSecretsSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3241,15 +3275,15 @@ pub struct ClusterSecretStoreProviderYandexcertificatemanagerAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexcertificatemanagerAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3257,25 +3291,25 @@ pub struct ClusterSecretStoreProviderYandexcertificatemanagerAuthAuthorizedKeySe /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexcertificatemanagerCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexcertificatemanagerCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3304,15 +3338,15 @@ pub struct ClusterSecretStoreProviderYandexlockboxAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3320,25 +3354,25 @@ pub struct ClusterSecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterSecretStoreProviderYandexlockboxCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs index ad1d87640..2b7bece8a 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/externalsecrets.rs @@ -27,8 +27,10 @@ pub struct ExternalSecretSpec { /// If multiple entries are specified, the Secret keys are merged in the specified order #[serde(default, skip_serializing_if = "Option::is_none", rename = "dataFrom")] pub data_from: Option>, - /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider + /// RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + /// specified as Golang Duration strings. /// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + /// Example values: "1h", "2h30m", "5d", "10s" /// May be set to zero to fetch and create it once. Defaults to 1h. #[serde(default, skip_serializing_if = "Option::is_none", rename = "refreshInterval")] pub refresh_interval: Option, @@ -48,12 +50,11 @@ pub struct ExternalSecretData { /// which secret (version/property/..) to fetch. #[serde(rename = "remoteRef")] pub remote_ref: ExternalSecretDataRemoteRef, - /// SecretKey defines the key in which the controller stores - /// the value. This is the key in the Kind=Secret + /// The key in the Kubernetes Secret to store the value. #[serde(rename = "secretKey")] pub secret_key: String, /// SourceRef allows you to override the source - /// from which the value will pulled from. + /// from which the value will be pulled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourceRef")] pub source_ref: Option, } @@ -109,7 +110,7 @@ pub enum ExternalSecretDataRemoteRefMetadataPolicy { } /// SourceRef allows you to override the source -/// from which the value will pulled from. +/// from which the value will be pulled. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretDataSourceRef { /// GeneratorRef points to a generator custom resource. @@ -127,26 +128,58 @@ pub struct ExternalSecretDataSourceRef { /// /// Deprecated: The generatorRef is not implemented in .data[]. /// this will be removed with v1. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ExternalSecretDataSourceRefGeneratorRef { /// Specify the apiVersion of the generator resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. - pub kind: String, + /// Specify the Kind of the generator resource + pub kind: ExternalSecretDataSourceRefGeneratorRefKind, /// Specify the name of the generator resource pub name: String, } +/// GeneratorRef points to a generator custom resource. +/// +/// Deprecated: The generatorRef is not implemented in .data[]. +/// this will be removed with v1. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretDataSourceRefGeneratorRefKind { + #[serde(rename = "ACRAccessToken")] + AcrAccessToken, + ClusterGenerator, + #[serde(rename = "ECRAuthorizationToken")] + EcrAuthorizationToken, + Fake, + #[serde(rename = "GCRAccessToken")] + GcrAccessToken, + GithubAccessToken, + Password, + #[serde(rename = "STSSessionToken")] + StsSessionToken, + #[serde(rename = "UUID")] + Uuid, + VaultDynamicSecret, + Webhook, +} + /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretDataSourceRefStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretDataSourceRefStoreRefKind { + SecretStore, + ClusterSecretStore, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -319,26 +352,55 @@ pub struct ExternalSecretDataFromSourceRef { } /// GeneratorRef points to a generator custom resource. -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct ExternalSecretDataFromSourceRefGeneratorRef { /// Specify the apiVersion of the generator resource #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. - pub kind: String, + /// Specify the Kind of the generator resource + pub kind: ExternalSecretDataFromSourceRefGeneratorRefKind, /// Specify the name of the generator resource pub name: String, } +/// GeneratorRef points to a generator custom resource. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretDataFromSourceRefGeneratorRefKind { + #[serde(rename = "ACRAccessToken")] + AcrAccessToken, + ClusterGenerator, + #[serde(rename = "ECRAuthorizationToken")] + EcrAuthorizationToken, + Fake, + #[serde(rename = "GCRAccessToken")] + GcrAccessToken, + GithubAccessToken, + Password, + #[serde(rename = "STSSessionToken")] + StsSessionToken, + #[serde(rename = "UUID")] + Uuid, + VaultDynamicSecret, + Webhook, +} + /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretDataFromSourceRefStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretDataFromSourceRefStoreRefKind { + SecretStore, + ClusterSecretStore, } /// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. @@ -347,28 +409,35 @@ pub struct ExternalSecretSecretStoreRef { /// Kind of the SecretStore resource (SecretStore or ClusterSecretStore) /// Defaults to `SecretStore` #[serde(default, skip_serializing_if = "Option::is_none")] - pub kind: Option, + pub kind: Option, /// Name of the SecretStore resource - pub name: String, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ExternalSecretSecretStoreRefKind { + SecretStore, + ClusterSecretStore, } /// ExternalSecretTarget defines the Kubernetes Secret to be created /// There can be only one target per ExternalSecret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTarget { - /// CreationPolicy defines rules on how to create the resulting Secret - /// Defaults to 'Owner' + /// CreationPolicy defines rules on how to create the resulting Secret. + /// Defaults to "Owner" #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationPolicy")] pub creation_policy: Option, - /// DeletionPolicy defines rules on how to delete the resulting Secret - /// Defaults to 'Retain' + /// DeletionPolicy defines rules on how to delete the resulting Secret. + /// Defaults to "Retain" #[serde(default, skip_serializing_if = "Option::is_none", rename = "deletionPolicy")] pub deletion_policy: Option, /// Immutable defines if the final secret will be immutable #[serde(default, skip_serializing_if = "Option::is_none")] pub immutable: Option, - /// Name defines the name of the Secret resource to be managed - /// This field is immutable + /// The name of the Secret resource to be managed. /// Defaults to the .metadata.name of the ExternalSecret resource #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -456,12 +525,15 @@ pub struct ExternalSecretTargetTemplateTemplateFrom { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromConfigMap { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromConfigMapItems { + /// A key in the ConfigMap/Secret pub key: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "templateAs")] pub template_as: Option, @@ -475,12 +547,15 @@ pub enum ExternalSecretTargetTemplateTemplateFromConfigMapItemsTemplateAs { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromSecret { + /// A list of keys in the ConfigMap/Secret to use as templates for Secret data pub items: Vec, + /// The name of the ConfigMap/Secret resource pub name: String, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ExternalSecretTargetTemplateTemplateFromSecretItems { + /// A key in the ConfigMap/Secret pub key: String, #[serde(default, skip_serializing_if = "Option::is_none", rename = "templateAs")] pub template_as: Option, diff --git a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs index 4474db88a..ba677175c 100644 --- a/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs +++ b/kube-custom-resources-rs/src/external_secrets_io/v1beta1/secretstores.rs @@ -249,15 +249,15 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuth { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuthSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -275,8 +275,8 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefKubernetesAuthServiceAccountR pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -288,11 +288,11 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessID")] pub access_id: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessType")] pub access_type: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "accessTypeParam")] pub access_type_param: Option, @@ -301,49 +301,49 @@ pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRef { /// The SecretAccessID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessType { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAkeylessAuthSecretRefSecretRefAccessTypeParam { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -420,15 +420,15 @@ pub struct SecretStoreProviderAlibabaAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -436,15 +436,15 @@ pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeyIdSecretRef { /// The AccessKeySecret is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAlibabaAuthSecretRefAccessKeySecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -516,8 +516,8 @@ pub struct SecretStoreProviderAwsAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -542,15 +542,15 @@ pub struct SecretStoreProviderAwsAuthSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -558,15 +558,15 @@ pub struct SecretStoreProviderAwsAuthSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -576,15 +576,15 @@ pub struct SecretStoreProviderAwsAuthSecretRefSecretAccessKeySecretRef { /// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAwsAuthSecretRefSessionTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -674,15 +674,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRef { /// The Azure ClientCertificate of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefClientCertificate { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -690,15 +690,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRefClientCertificate { /// The Azure clientId of the service principle or managed identity used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -706,15 +706,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRefClientId { /// The Azure ClientSecret of the service principle used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -722,15 +722,15 @@ pub struct SecretStoreProviderAzurekvAuthSecretRefClientSecret { /// The Azure tenantId of the managed identity used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderAzurekvAuthSecretRefTenantId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -764,8 +764,8 @@ pub struct SecretStoreProviderAzurekvServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -782,19 +782,51 @@ pub struct SecretStoreProviderBeyondtrust { /// Auth configures how the operator authenticates with Beyondtrust. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuth { - /// Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + /// APIKey If not provided then ClientID/ClientSecret become required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. #[serde(default, skip_serializing_if = "Option::is_none")] pub certificate: Option, /// Certificate private key (key.pem). For use when authenticating with an OAuth client Id #[serde(default, skip_serializing_if = "Option::is_none", rename = "certificateKey")] pub certificate_key: Option, - #[serde(rename = "clientId")] - pub client_id: SecretStoreProviderBeyondtrustAuthClientId, - #[serde(rename = "clientSecret")] - pub client_secret: SecretStoreProviderBeyondtrustAuthClientSecret, + /// ClientID is the API OAuth Client ID. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientId")] + pub client_id: Option, + /// ClientSecret is the API OAuth Client Secret. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientSecret")] + pub client_secret: Option, } -/// Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. +/// APIKey If not provided then ClientID/ClientSecret become required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SecretStoreProviderBeyondtrustAuthApiKey { + /// SecretRef references a key in a secret that will be used as value. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretRef")] + pub secret_ref: Option, + /// Value can be specified directly to set a value without using a secret. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// SecretRef references a key in a secret that will be used as value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SecretStoreProviderBeyondtrustAuthApiKeySecretRef { + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// The name of the Secret resource being referred to. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, +} + +/// Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthCertificate { /// SecretRef references a key in a secret that will be used as value. @@ -808,15 +840,15 @@ pub struct SecretStoreProviderBeyondtrustAuthCertificate { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthCertificateSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -835,19 +867,20 @@ pub struct SecretStoreProviderBeyondtrustAuthCertificateKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthCertificateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// ClientID is the API OAuth Client ID. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthClientId { /// SecretRef references a key in a secret that will be used as value. @@ -861,19 +894,20 @@ pub struct SecretStoreProviderBeyondtrustAuthClientId { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthClientIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } +/// ClientSecret is the API OAuth Client Secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthClientSecret { /// SecretRef references a key in a secret that will be used as value. @@ -887,15 +921,15 @@ pub struct SecretStoreProviderBeyondtrustAuthClientSecret { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBeyondtrustAuthClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -964,15 +998,15 @@ pub struct SecretStoreProviderBitwardensecretsmanagerAuthSecretRef { /// AccessToken used for the bitwarden instance. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderBitwardensecretsmanagerAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1032,15 +1066,15 @@ pub struct SecretStoreProviderChefAuthSecretRef { /// SecretKey is the Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderChefAuthSecretRefPrivateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1070,46 +1104,46 @@ pub struct SecretStoreProviderConjurAuth { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderConjurAuthApikey { pub account: String, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "apiKeyRef")] pub api_key_ref: SecretStoreProviderConjurAuthApikeyApiKeyRef, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "userRef")] pub user_ref: SecretStoreProviderConjurAuthApikeyUserRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderConjurAuthApikeyApiKeyRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderConjurAuthApikeyUserRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1138,15 +1172,15 @@ pub struct SecretStoreProviderConjurAuthJwt { /// authenticate with Conjur using the JWT authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderConjurAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1162,8 +1196,8 @@ pub struct SecretStoreProviderConjurAuthJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1232,15 +1266,15 @@ pub struct SecretStoreProviderDelineaClientId { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderDelineaClientIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1259,15 +1293,15 @@ pub struct SecretStoreProviderDelineaClientSecret { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderDelineaClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1298,15 +1332,15 @@ pub struct SecretStoreProviderDevice42AuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderDevice42AuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1351,15 +1385,15 @@ pub struct SecretStoreProviderDopplerAuthSecretRef { /// The Key attribute defaults to dopplerToken if not specified. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderDopplerAuthSecretRefDopplerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1436,15 +1470,15 @@ pub struct SecretStoreProviderFortanixApiKey { /// SecretRef is a reference to a secret containing the SDKMS API Key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderFortanixApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1482,15 +1516,15 @@ pub struct SecretStoreProviderGcpsmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderGcpsmAuthSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1518,8 +1552,8 @@ pub struct SecretStoreProviderGcpsmAuthWorkloadIdentityServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1563,15 +1597,15 @@ pub struct SecretStoreProviderGitlabAuthSecretRef { /// AccessToken is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderGitlabAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1618,15 +1652,15 @@ pub struct SecretStoreProviderIbmAuthSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderIbmAuthSecretRefSecretApiKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1651,46 +1685,46 @@ pub struct SecretStoreProviderInfisicalAuth { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderInfisicalAuthUniversalAuthCredentials { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientId")] pub client_id: SecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientId, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientSecret")] pub client_secret: SecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientSecret, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientId { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderInfisicalAuthUniversalAuthCredentialsClientSecret { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1710,7 +1744,7 @@ pub struct SecretStoreProviderInfisicalSecretsScope { /// KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKeepersecurity { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "authRef")] pub auth_ref: SecretStoreProviderKeepersecurityAuthRef, @@ -1718,19 +1752,19 @@ pub struct SecretStoreProviderKeepersecurity { pub folder_id: String, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKeepersecurityAuthRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1769,46 +1803,46 @@ pub struct SecretStoreProviderKubernetesAuth { /// has both clientCert and clientKey as secretKeySelector #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCert { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientCert")] pub client_cert: Option, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clientKey")] pub client_key: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthCertClientKey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1823,8 +1857,8 @@ pub struct SecretStoreProviderKubernetesAuthServiceAccount { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1832,25 +1866,25 @@ pub struct SecretStoreProviderKubernetesAuthServiceAccount { /// use static token to authenticate with #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthToken { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bearerToken")] pub bearer_token: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthTokenBearerToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1858,15 +1892,15 @@ pub struct SecretStoreProviderKubernetesAuthTokenBearerToken { /// A reference to a secret that contains the auth information. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderKubernetesAuthRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1939,15 +1973,15 @@ pub struct SecretStoreProviderOnboardbaseAuth { /// It is used to recognize and authorize access to a project and environment within onboardbase #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOnboardbaseAuthApiKeyRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1955,15 +1989,15 @@ pub struct SecretStoreProviderOnboardbaseAuthApiKeyRef { /// OnboardbasePasscode is the passcode attached to the API Key #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOnboardbaseAuthPasscodeRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -1999,15 +2033,15 @@ pub struct SecretStoreProviderOnepasswordAuthSecretRef { /// The ConnectToken is used for authentication to a 1Password Connect Server. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOnepasswordAuthSecretRefConnectTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2067,15 +2101,15 @@ pub struct SecretStoreProviderOracleAuthSecretRef { /// Fingerprint is the fingerprint of the API private key. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOracleAuthSecretRefFingerprint { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2083,15 +2117,15 @@ pub struct SecretStoreProviderOracleAuthSecretRefFingerprint { /// PrivateKey is the user's API Signing Key in PEM format, used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderOracleAuthSecretRefPrivatekey { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2117,8 +2151,8 @@ pub struct SecretStoreProviderOracleServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2134,46 +2168,46 @@ pub struct SecretStoreProviderPassbolt { /// Auth defines the information necessary to authenticate against Passbolt Server #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPassboltAuth { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "passwordSecretRef")] pub password_secret_ref: SecretStoreProviderPassboltAuthPasswordSecretRef, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "privateKeySecretRef")] pub private_key_secret_ref: SecretStoreProviderPassboltAuthPrivateKeySecretRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPassboltAuthPasswordSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPassboltAuthPrivateKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2206,15 +2240,15 @@ pub struct SecretStoreProviderPassworddepotAuthSecretRef { /// Username / Password is used for authentication. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPassworddepotAuthSecretRefCredentials { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2247,15 +2281,15 @@ pub struct SecretStoreProviderPreviderAuthSecretRef { /// The AccessToken is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPreviderAuthSecretRefAccessToken { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2292,15 +2326,15 @@ pub struct SecretStoreProviderPulumiAccessToken { /// SecretRef is a reference to a secret containing the Pulumi API token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderPulumiAccessTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2338,15 +2372,15 @@ pub struct SecretStoreProviderScalewayAccessKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderScalewayAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2365,15 +2399,15 @@ pub struct SecretStoreProviderScalewaySecretKey { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderScalewaySecretKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2406,15 +2440,15 @@ pub struct SecretStoreProviderSecretserverPassword { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderSecretserverPasswordSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2433,15 +2467,15 @@ pub struct SecretStoreProviderSecretserverUsername { /// SecretRef references a key in a secret that will be used as value. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderSecretserverUsernameSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2465,25 +2499,25 @@ pub struct SecretStoreProviderSenhasegura { pub struct SecretStoreProviderSenhaseguraAuth { #[serde(rename = "clientId")] pub client_id: String, - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(rename = "clientSecretSecretRef")] pub client_secret_secret_ref: SecretStoreProviderSenhaseguraAuthClientSecretSecretRef, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderSenhaseguraAuthClientSecretSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2616,15 +2650,15 @@ pub struct SecretStoreProviderVaultAuthAppRole { /// resource is used as the app role id. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthAppRoleRoleRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2635,15 +2669,15 @@ pub struct SecretStoreProviderVaultAuthAppRoleRoleRef { /// resource is used as the app role secret. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthAppRoleSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2666,15 +2700,15 @@ pub struct SecretStoreProviderVaultAuthCert { /// authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthCertClientCert { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2683,15 +2717,15 @@ pub struct SecretStoreProviderVaultAuthCertClientCert { /// authenticate with Vault using the Cert authentication method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2744,8 +2778,8 @@ pub struct SecretStoreProviderVaultAuthIamJwtServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2769,15 +2803,15 @@ pub struct SecretStoreProviderVaultAuthIamSecretRef { /// The AccessKeyID is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthIamSecretRefAccessKeyIdSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2785,15 +2819,15 @@ pub struct SecretStoreProviderVaultAuthIamSecretRefAccessKeyIdSecretRef { /// The SecretAccessKey is used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthIamSecretRefSecretAccessKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2803,15 +2837,15 @@ pub struct SecretStoreProviderVaultAuthIamSecretRefSecretAccessKeySecretRef { /// see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthIamSecretRefSessionTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2869,8 +2903,8 @@ pub struct SecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenServiceAc pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2879,15 +2913,15 @@ pub struct SecretStoreProviderVaultAuthJwtKubernetesServiceAccountTokenServiceAc /// authenticate with Vault using the JWT/OIDC authentication method. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthJwtSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2923,15 +2957,15 @@ pub struct SecretStoreProviderVaultAuthKubernetes { /// the controller will be used. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthKubernetesSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2949,8 +2983,8 @@ pub struct SecretStoreProviderVaultAuthKubernetesServiceAccountRef { pub audiences: Option>, /// The name of the ServiceAccount resource being referred to. pub name: String, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// Namespace of the resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2977,15 +3011,15 @@ pub struct SecretStoreProviderVaultAuthLdap { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthLdapSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -2993,15 +3027,15 @@ pub struct SecretStoreProviderVaultAuthLdapSecretRef { /// TokenSecretRef authenticates with Vault by presenting a token. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthTokenSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3027,15 +3061,15 @@ pub struct SecretStoreProviderVaultAuthUserPass { /// method #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultAuthUserPassSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3088,15 +3122,15 @@ pub struct SecretStoreProviderVaultTls { /// If no key for the Secret is specified, external-secret will default to 'tls.crt'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultTlsCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3106,15 +3140,15 @@ pub struct SecretStoreProviderVaultTlsCertSecretRef { /// If no key for the Secret is specified, external-secret will default to 'tls.key'. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderVaultTlsKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3165,7 +3199,7 @@ pub struct SecretStoreProviderWebhook { /// The provider for the CA bundle to use to validate webhook server certificate. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct SecretStoreProviderWebhookCaProvider { - /// The key the value inside of the provider type to use, only used with "Secret" type + /// The key where the CA certificate can be found in the Secret or ConfigMap. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the object located at the provider type. @@ -3205,15 +3239,15 @@ pub struct SecretStoreProviderWebhookSecrets { /// Secret ref to fill in credentials #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderWebhookSecretsSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3242,15 +3276,15 @@ pub struct SecretStoreProviderYandexcertificatemanagerAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexcertificatemanagerAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3258,25 +3292,25 @@ pub struct SecretStoreProviderYandexcertificatemanagerAuthAuthorizedKeySecretRef /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexcertificatemanagerCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexcertificatemanagerCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3305,15 +3339,15 @@ pub struct SecretStoreProviderYandexlockboxAuth { /// The authorized key used for authentication #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } @@ -3321,25 +3355,25 @@ pub struct SecretStoreProviderYandexlockboxAuthAuthorizedKeySecretRef { /// The provider for the CA bundle to use to validate Yandex.Cloud server certificate. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxCaProvider { - /// A reference to a specific 'key' within a Secret resource, + /// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "certSecretRef")] pub cert_secret_ref: Option, } -/// A reference to a specific 'key' within a Secret resource, +/// A reference to a specific 'key' within a Secret resource. /// In some instances, `key` is a required field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecretStoreProviderYandexlockboxCaProviderCertSecretRef { - /// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - /// defaulted, in others it may be required. + /// A key in the referenced Secret. + /// Some instances of this field may be defaulted, in others it may be required. #[serde(default, skip_serializing_if = "Option::is_none")] pub key: Option, /// The name of the Secret resource being referred to. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - /// to the namespace of the referent. + /// The namespace of the Secret resource being referred to. + /// Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } diff --git a/kube-custom-resources-rs/src/flagger_app/v1beta1/canaries.rs b/kube-custom-resources-rs/src/flagger_app/v1beta1/canaries.rs index d92f4e902..5679cbbee 100644 --- a/kube-custom-resources-rs/src/flagger_app/v1beta1/canaries.rs +++ b/kube-custom-resources-rs/src/flagger_app/v1beta1/canaries.rs @@ -241,6 +241,9 @@ pub struct CanaryAnalysisSessionAffinity { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryAnalysisWebhooks { + /// Disable TLS verification for this webhook + #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableTLS")] + pub disable_tls: Option, /// Metadata (key-value pairs) for this webhook #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option>, @@ -307,9 +310,9 @@ pub enum CanaryAutoscalerRefKind { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CanaryAutoscalerRefPrimaryScalerReplicas { #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxReplicas")] - pub max_replicas: Option, + pub max_replicas: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReplicas")] - pub min_replicas: Option, + pub min_replicas: Option, } /// Ingress selector diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs index bd8cc72fe..a449874db 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta1/flowcollectors.rs @@ -1535,12 +1535,18 @@ pub struct FlowCollectorProcessor { /// such as `GOGC` and `GOMAXPROCS` env vars. Set these values at your own risk. #[serde(default, skip_serializing_if = "Option::is_none")] pub debug: Option, + /// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deduper: Option, /// `dropUnusedFields` [deprecated (*)] this setting is not used anymore. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dropUnusedFields")] pub drop_unused_fields: Option, /// `enableKubeProbes` is a flag to enable or disable Kubernetes liveness and readiness probes #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableKubeProbes")] pub enable_kube_probes: Option, + /// `filters` let you define custom filters to limit the amount of generated flows. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, /// `healthPort` is a collector HTTP port in the Pod that exposes the health check API #[serde(default, skip_serializing_if = "Option::is_none", rename = "healthPort")] pub health_port: Option, @@ -1608,6 +1614,77 @@ pub struct FlowCollectorProcessorDebug { pub env: Option>, } +/// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlowCollectorProcessorDeduper { + /// Set the Processor deduper mode (de-duplication). It comes in addition to the Agent deduper because the Agent cannot de-duplicate same flows reported from different nodes.
+ /// - Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer.
+ /// - Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.
+ /// - Use `Disabled` to turn off Processor-based de-duplication.
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// `sampling` is the sampling rate when deduper `mode` is `Sample`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sampling: Option, +} + +/// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorDeduperMode { + Disabled, + Drop, + Sample, +} + +/// `FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlowCollectorProcessorFilters { + /// `filters` is a list of matches that must be all satisfied in order to remove a flow. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, + /// If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "outputTarget")] + pub output_target: Option, + /// `sampling` is an optional sampling rate to apply to this filter. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sampling: Option, +} + +/// `FLPSingleFilter` defines the desired configuration for a single FLP-based filter +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct FlowCollectorProcessorFiltersAllOf { + /// Name of the field to filter on + /// Refer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html. + pub field: String, + /// Type of matching to apply + #[serde(rename = "matchType")] + pub match_type: FlowCollectorProcessorFiltersAllOfMatchType, + /// Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// `FLPSingleFilter` defines the desired configuration for a single FLP-based filter +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorFiltersAllOfMatchType { + Equal, + NotEqual, + Presence, + Absence, + MatchRegex, + NotMatchRegex, +} + +/// `FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorFiltersOutputTarget { + #[serde(rename = "")] + KopiumEmpty, + Loki, + Metrics, + Exporters, +} + /// `processor` defines the settings of the component that receives the flows from the agent, /// enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] diff --git a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs index 8eb5f3917..961552501 100644 --- a/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs +++ b/kube-custom-resources-rs/src/flows_netobserv_io/v1beta2/flowcollectors.rs @@ -921,54 +921,55 @@ pub struct FlowCollectorAgentEbpfAdvancedSchedulingTolerations { /// `flowFilter` defines the eBPF agent configuration regarding flow filtering. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowCollectorAgentEbpfFlowFilter { - /// `action` defines the action to perform on the flows that match the filter. + /// `action` defines the action to perform on the flows that match the filter. The available options are `Accept`, which is the default, and `Reject`. #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// `cidr` defines the IP CIDR to filter flows by. /// Examples: `10.10.10.0/24` or `100:100:100:100::/64` #[serde(default, skip_serializing_if = "Option::is_none")] pub cidr: Option, - /// `destPorts` defines the destination ports to filter flows by. + /// `destPorts` optionally defines the destination ports to filter flows by. /// To filter a single port, set a single port as an integer value. For example, `destPorts: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `destPorts: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "destPorts")] pub dest_ports: Option, - /// `direction` defines the direction to filter flows by. + /// `direction` optionally defines a direction to filter flows by. The available options are `Ingress` and `Egress`. #[serde(default, skip_serializing_if = "Option::is_none")] pub direction: Option, /// Set `enable` to `true` to enable the eBPF flow filtering feature. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, - /// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, defines the ICMP code to filter flows by. + /// `icmpCode`, for Internet Control Message Protocol (ICMP) traffic, optionally defines the ICMP code to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpCode")] pub icmp_code: Option, - /// `icmpType`, for ICMP traffic, defines the ICMP type to filter flows by. + /// `icmpType`, for ICMP traffic, optionally defines the ICMP type to filter flows by. #[serde(default, skip_serializing_if = "Option::is_none", rename = "icmpType")] pub icmp_type: Option, - /// `peerIP` defines the IP address to filter flows by. + /// `peerIP` optionally defines the remote IP address to filter flows by. /// Example: `10.10.10.10`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "peerIP")] pub peer_ip: Option, - /// `pktDrops` filters flows with packet drops + /// `pktDrops` optionally filters only flows containing packet drops. #[serde(default, skip_serializing_if = "Option::is_none", rename = "pktDrops")] pub pkt_drops: Option, - /// `ports` defines the ports to filter flows by. It is used both for source and destination ports. + /// `ports` optionally defines the ports to filter flows by. It is used both for source and destination ports. /// To filter a single port, set a single port as an integer value. For example, `ports: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `ports: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option, - /// `protocol` defines the protocol to filter flows by. + /// `protocol` optionally defines a protocol to filter flows by. The available options are `TCP`, `UDP`, `ICMP`, `ICMPv6`, and `SCTP`. #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, - /// `sourcePorts` defines the source ports to filter flows by. + /// `sourcePorts` optionally defines the source ports to filter flows by. /// To filter a single port, set a single port as an integer value. For example, `sourcePorts: 80`. /// To filter a range of ports, use a "start-end" range in string format. For example, `sourcePorts: "80-100"`. /// To filter two ports, use a "port1,port2" in string format. For example, `ports: "80,100"`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "sourcePorts")] pub source_ports: Option, - /// `tcpFlags` defines the TCP flags to filter flows by. + /// `tcpFlags` optionally defines TCP flags to filter flows by. + /// In addition to the standard flags (RFC-9293), you can also filter by one of the three following combinations: `SYN-ACK`, `FIN-ACK`, and `RST-ACK`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tcpFlags")] pub tcp_flags: Option, } @@ -1147,7 +1148,7 @@ pub struct FlowCollectorAgentEbpfMetricsServerTlsProvidedCaFile { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2416,7 +2417,7 @@ pub struct FlowCollectorExporters { /// OpenTelemetry configuration, such as the IP address and port to send enriched logs or metrics to. #[serde(default, skip_serializing_if = "Option::is_none", rename = "openTelemetry")] pub open_telemetry: Option, - /// `type` selects the type of exporters. The available options are `Kafka` and `IPFIX`. + /// `type` selects the type of exporters. The available options are `Kafka`, `IPFIX`, and `OpenTelemetry`. #[serde(rename = "type")] pub r#type: FlowCollectorExportersType, } @@ -2486,7 +2487,7 @@ pub struct FlowCollectorExportersKafkaSaslClientIdReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2513,7 +2514,7 @@ pub struct FlowCollectorExportersKafkaSaslClientSecretReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2812,7 +2813,7 @@ pub struct FlowCollectorKafkaSaslClientIdReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -2839,7 +2840,7 @@ pub struct FlowCollectorKafkaSaslClientSecretReference { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } @@ -3440,7 +3441,7 @@ pub struct FlowCollectorNetworkPolicy { pub additional_namespaces: Option>, /// Set `enable` to `true` to deploy network policies on the namespaces used by NetObserv (main and privileged). It is disabled by default. /// These network policies better isolate the NetObserv components to prevent undesired connections to them. - /// We recommend you either enable it, or create your own network policy for NetObserv. + /// To increase the security of connections, enable this option or create your own network policy. #[serde(default, skip_serializing_if = "Option::is_none")] pub enable: Option, } @@ -3461,6 +3462,14 @@ pub struct FlowCollectorProcessor { /// `clusterName` is the name of the cluster to appear in the flows data. This is useful in a multi-cluster context. When using OpenShift, leave empty to make it automatically determined. #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterName")] pub cluster_name: Option, + /// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. + /// IMPORTANT: This feature is available as a Developer Preview. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deduper: Option, + /// `filters` let you define custom filters to limit the amount of generated flows. + /// IMPORTANT: This feature is available as a Developer Preview. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, /// `imagePullPolicy` is the Kubernetes pull policy for the image defined above #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullPolicy")] pub image_pull_policy: Option, @@ -4313,6 +4322,79 @@ pub struct FlowCollectorProcessorAdvancedSecondaryNetworks { pub name: String, } +/// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. +/// IMPORTANT: This feature is available as a Developer Preview. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlowCollectorProcessorDeduper { + /// Set the Processor de-duplication mode. It comes in addition to the Agent-based deduplication because the Agent cannot de-duplicate same flows reported from different nodes.
+ /// - Use `Drop` to drop every flow considered as duplicates, allowing saving more on resource usage but potentially loosing some information such as the network interfaces used from peer, or network events.
+ /// - Use `Sample` to randomly keep only 1 flow on 50 (by default) among the ones considered as duplicates. This is a compromise between dropping every duplicates or keeping every duplicates. This sampling action comes in addition to the Agent-based sampling. If both Agent and Processor sampling are 50, the combined sampling is 1:2500.
+ /// - Use `Disabled` to turn off Processor-based de-duplication.
+ #[serde(default, skip_serializing_if = "Option::is_none")] + pub mode: Option, + /// `sampling` is the sampling rate when deduper `mode` is `Sample`. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sampling: Option, +} + +/// `deduper` allows to sample or drop flows identified as duplicates, in order to save on resource usage. +/// IMPORTANT: This feature is available as a Developer Preview. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorDeduperMode { + Disabled, + Drop, + Sample, +} + +/// `FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FlowCollectorProcessorFilters { + /// `filters` is a list of matches that must be all satisfied in order to remove a flow. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, + /// If specified, this filters only target a single output: `Loki`, `Metrics` or `Exporters`. By default, all outputs are targeted. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "outputTarget")] + pub output_target: Option, + /// `sampling` is an optional sampling rate to apply to this filter. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub sampling: Option, +} + +/// `FLPSingleFilter` defines the desired configuration for a single FLP-based filter +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct FlowCollectorProcessorFiltersAllOf { + /// Name of the field to filter on + /// Refer to the documentation for the list of available fields: https://docs.openshift.com/container-platform/latest/observability/network_observability/json-flows-format-reference.html. + pub field: String, + /// Type of matching to apply + #[serde(rename = "matchType")] + pub match_type: FlowCollectorProcessorFiltersAllOfMatchType, + /// Value to filter on. When `matchType` is `Equal` or `NotEqual`, you can use field injection with `$(SomeField)` to refer to any other field of the flow. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// `FLPSingleFilter` defines the desired configuration for a single FLP-based filter +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorFiltersAllOfMatchType { + Equal, + NotEqual, + Presence, + Absence, + MatchRegex, + NotMatchRegex, +} + +/// `FLPFilterSet` defines the desired configuration for FLP-based filtering satisfying all conditions +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum FlowCollectorProcessorFiltersOutputTarget { + #[serde(rename = "")] + KopiumEmpty, + Loki, + Metrics, + Exporters, +} + /// `processor` defines the settings of the component that receives the flows from the agent, /// enriches them, generates metrics, and forwards them to the Loki persistence layer and/or any available exporter. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] @@ -4670,7 +4752,7 @@ pub struct FlowCollectorProcessorMetricsServerTlsProvidedCaFile { /// If the namespace is different, the config map or the secret is copied so that it can be mounted as required. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, - /// Type for the file reference: "configmap" or "secret". + /// Type for the file reference: `configmap` or `secret`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs index ccb996251..4ef743692 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfilters.rs @@ -30,6 +30,9 @@ pub struct ClusterFilterSpec { /// Use this option if you want to use the full regex syntax. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchRegex")] pub match_regex: Option, + /// An ordinal to influence filter ordering + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ordinal: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs index 83598943a..be29cfc82 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusterfluentbitconfigs.rs @@ -219,7 +219,7 @@ pub struct ClusterFluentBitConfigService { pub emitter_storage_type: Option, /// Interval to flush output #[serde(default, skip_serializing_if = "Option::is_none", rename = "flushSeconds")] - pub flush_seconds: Option, + pub flush_seconds: Option, /// Wait time on exit #[serde(default, skip_serializing_if = "Option::is_none", rename = "graceSeconds")] pub grace_seconds: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs index 2c2a2560a..fc0497d6f 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/clusteroutputs.rs @@ -3031,6 +3031,9 @@ pub struct ClusterOutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKey")] + pub logs_body_key: Option, /// If true, remaining unmatched keys are added as attributes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] pub logs_body_key_attributes: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs index 169114d57..2456081af 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/filters.rs @@ -31,6 +31,9 @@ pub struct FilterSpec { /// Use this option if you want to use the full regex syntax. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchRegex")] pub match_regex: Option, + /// An ordinal to influence filter ordering + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ordinal: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs index 2fb459a9d..1dde140bf 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbitconfigs.rs @@ -236,7 +236,7 @@ pub struct FluentBitConfigService { pub emitter_storage_type: Option, /// Interval to flush output #[serde(default, skip_serializing_if = "Option::is_none", rename = "flushSeconds")] - pub flush_seconds: Option, + pub flush_seconds: Option, /// Wait time on exit #[serde(default, skip_serializing_if = "Option::is_none", rename = "graceSeconds")] pub grace_seconds: Option, diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbits.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbits.rs index 985fe2373..3f2bc038d 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbits.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/fluentbits.rs @@ -53,6 +53,9 @@ pub struct FluentBitSpec { /// Fluentbitconfig object associated with this Fluentbit #[serde(default, skip_serializing_if = "Option::is_none", rename = "fluentBitConfigName")] pub fluent_bit_config_name: Option, + /// HostAliases is an optional list of IPs and hostnames that will be injected into the pod's hosts file if specified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostAliases")] + pub host_aliases: Option>, /// Host networking is requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostNetwork")] pub host_network: Option, @@ -1129,6 +1132,17 @@ pub struct FluentBitEnvVarsValueFromSecretKeyRef { pub optional: Option, } +/// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +/// pod's hosts file. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FluentBitHostAliases { + /// Hostnames for the above IP address. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostnames: Option>, + /// IP address of the host file entry. + pub ip: String, +} + /// LocalObjectReference contains enough information to let you locate the /// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs index a850eaa5c..93cd19041 100644 --- a/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs +++ b/kube-custom-resources-rs/src/fluentbit_fluent_io/v1alpha2/outputs.rs @@ -3032,6 +3032,9 @@ pub struct OutputOpentelemetry { /// Log the response payload within the Fluent Bit log. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logResponsePayload")] pub log_response_payload: Option, + /// The log body key to look up in the log events body/message. Sets the Body field of the opentelemtry logs data model. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKey")] + pub logs_body_key: Option, /// If true, remaining unmatched keys are added as attributes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "logsBodyKeyAttributes")] pub logs_body_key_attributes: Option, diff --git a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/fluentds.rs b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/fluentds.rs index 4e3722833..4b5ed3ac4 100644 --- a/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/fluentds.rs +++ b/kube-custom-resources-rs/src/fluentd_fluent_io/v1alpha1/fluentds.rs @@ -57,6 +57,9 @@ pub struct FluentdSpec { /// Fluentd global inputs. #[serde(default, skip_serializing_if = "Option::is_none", rename = "globalInputs")] pub global_inputs: Option>, + /// HostAliases is an optional list of IPs and hostnames that will be injected into the pod's hosts file if specified. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "hostAliases")] + pub host_aliases: Option>, /// Fluentd image. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, @@ -2489,6 +2492,17 @@ pub enum FluentdGlobalInputsTailParseType { MultilineGrok, } +/// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +/// pod's hosts file. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct FluentdHostAliases { + /// Hostnames for the above IP address. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostnames: Option>, + /// IP address of the host file entry. + pub ip: String, +} + /// LocalObjectReference contains enough information to let you locate the /// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs index 08406ff88..2ae06b0b2 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/migrations.rs @@ -381,6 +381,8 @@ pub struct MigrationStatusVmsWarm { /// Precopy durations #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MigrationStatusVmsWarmPrecopies { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deltas: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub end: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -389,3 +391,10 @@ pub struct MigrationStatusVmsWarmPrecopies { pub start: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct MigrationStatusVmsWarmPrecopiesDeltas { + #[serde(rename = "deltaId")] + pub delta_id: String, + pub disk: String, +} + diff --git a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs index 569c74c86..5dd9e4e61 100644 --- a/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs +++ b/kube-custom-resources-rs/src/forklift_konveyor_io/v1beta1/plans.rs @@ -782,6 +782,8 @@ pub struct PlanStatusMigrationVmsWarm { /// Precopy durations #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PlanStatusMigrationVmsWarmPrecopies { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub deltas: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] pub end: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -790,3 +792,10 @@ pub struct PlanStatusMigrationVmsWarmPrecopies { pub start: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PlanStatusMigrationVmsWarmPrecopiesDeltas { + #[serde(rename = "deltaId")] + pub delta_id: String, + pub disk: String, +} + diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs index eafbc75ff..0dafac72e 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadashboards.rs @@ -20,7 +20,7 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaDashboardSpec { - /// allow to import this resources from an operator in a different namespace + /// Allow the Operator to match this resource with Grafanas outside the current namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, /// dashboard from configmap @@ -53,7 +53,7 @@ pub struct GrafanaDashboardSpec { /// GzipJson the dashboard's JSON compressed with Gzip. Base64-encoded when in YAML. #[serde(default, skip_serializing_if = "Option::is_none", rename = "gzipJson")] pub gzip_json: Option, - /// selects Grafanas for import + /// Selects Grafana instances for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaDashboardInstanceSelector, /// dashboard json @@ -68,7 +68,7 @@ pub struct GrafanaDashboardSpec { /// plugins #[serde(default, skip_serializing_if = "Option::is_none")] pub plugins: Option>, - /// how often the dashboard is refreshed, defaults to 5m if not set + /// How often the resource is synced, defaults to 10m0s if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, /// Manually specify the uid for the dashboard, overwrites uids already present in the json model @@ -215,7 +215,7 @@ pub struct GrafanaDashboardGrafanaCom { pub revision: Option, } -/// selects Grafanas for import +/// Selects Grafana instances for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDashboardInstanceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs index 3aab3a55b..f382d32f6 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanadatasources.rs @@ -19,19 +19,22 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaDatasourceSpec { - /// allow to import this resources from an operator in a different namespace + /// Allow the Operator to match this resource with Grafanas outside the current namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, pub datasource: GrafanaDatasourceDatasource, - /// selects Grafana instances for import + /// Selects Grafana instances for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaDatasourceInstanceSelector, /// plugins #[serde(default, skip_serializing_if = "Option::is_none")] pub plugins: Option>, - /// how often the datasource is refreshed, defaults to 5m if not set + /// How often the resource is synced, defaults to 10m0s if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, + /// The UID, for the datasource, fallback to the deprecated spec.datasource.uid and metadata.uid + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, /// environments variables from secrets or config maps #[serde(default, skip_serializing_if = "Option::is_none", rename = "valuesFrom")] pub values_from: Option>, @@ -47,7 +50,7 @@ pub struct GrafanaDatasourceDatasource { pub basic_auth_user: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub database: Option, - /// Deprecated field, it has no effect + /// Whether to enable/disable editing of the datasource in Grafana UI #[serde(default, skip_serializing_if = "Option::is_none")] pub editable: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "isDefault")] @@ -63,6 +66,7 @@ pub struct GrafanaDatasourceDatasource { pub secure_json_data: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, + /// Deprecated field, use spec.uid instead #[serde(default, skip_serializing_if = "Option::is_none")] pub uid: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -71,7 +75,7 @@ pub struct GrafanaDatasourceDatasource { pub user: Option, } -/// selects Grafana instances for import +/// Selects Grafana instances for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaDatasourceInstanceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs index c58bd2acc..9d9fd6b47 100644 --- a/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs +++ b/kube-custom-resources-rs/src/grafana_integreatly_org/v1beta1/grafanafolders.rs @@ -20,10 +20,10 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct GrafanaFolderSpec { - /// Enable matching Grafana instances outside the current namespace + /// Allow the Operator to match this resource with Grafanas outside the current namespace #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowCrossNamespaceImport")] pub allow_cross_namespace_import: Option, - /// Selects Grafanas for import + /// Selects Grafana instances for import #[serde(rename = "instanceSelector")] pub instance_selector: GrafanaFolderInstanceSelector, /// Reference to an existing GrafanaFolder CR in the same namespace @@ -35,7 +35,7 @@ pub struct GrafanaFolderSpec { /// Raw json with folder permissions, potentially exported from Grafana #[serde(default, skip_serializing_if = "Option::is_none")] pub permissions: Option, - /// How often the folder is synced, defaults to 5m if not set + /// How often the resource is synced, defaults to 10m0s if not set #[serde(default, skip_serializing_if = "Option::is_none", rename = "resyncPeriod")] pub resync_period: Option, /// Display name of the folder in Grafana @@ -46,7 +46,7 @@ pub struct GrafanaFolderSpec { pub uid: Option, } -/// Selects Grafanas for import +/// Selects Grafana instances for import #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct GrafanaFolderInstanceSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/mod.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/mod.rs index 32a5a9d4f..87218411e 100644 --- a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/mod.rs +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/mod.rs @@ -1 +1,2 @@ pub mod v1alpha1; +pub mod v1beta1; diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/mod.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/mod.rs new file mode 100644 index 000000000..76d54816f --- /dev/null +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/mod.rs @@ -0,0 +1,3 @@ +pub mod volumegroupsnapshotclasses; +pub mod volumegroupsnapshotcontents; +pub mod volumegroupsnapshots; diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotclasses.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotclasses.rs new file mode 100644 index 000000000..b97801bd7 --- /dev/null +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotclasses.rs @@ -0,0 +1,11 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotclasses.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; +} + diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotcontents.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotcontents.rs new file mode 100644 index 000000000..18d5915d8 --- /dev/null +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshotcontents.rs @@ -0,0 +1,229 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshotcontents.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::api::core::v1::ObjectReference; +} +use self::prelude::*; + +/// Spec defines properties of a VolumeGroupSnapshotContent created by the underlying storage system. +/// Required. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, PartialEq)] +#[kube(group = "groupsnapshot.storage.k8s.io", version = "v1beta1", kind = "VolumeGroupSnapshotContent", plural = "volumegroupsnapshotcontents")] +#[kube(status = "VolumeGroupSnapshotContentStatus")] +#[kube(schema = "disabled")] +#[kube(derive="PartialEq")] +pub struct VolumeGroupSnapshotContentSpec { + /// DeletionPolicy determines whether this VolumeGroupSnapshotContent and the + /// physical group snapshot on the underlying storage system should be deleted + /// when the bound VolumeGroupSnapshot is deleted. + /// Supported values are "Retain" and "Delete". + /// "Retain" means that the VolumeGroupSnapshotContent and its physical group + /// snapshot on underlying storage system are kept. + /// "Delete" means that the VolumeGroupSnapshotContent and its physical group + /// snapshot on underlying storage system are deleted. + /// For dynamically provisioned group snapshots, this field will automatically + /// be filled in by the CSI snapshotter sidecar with the "DeletionPolicy" field + /// defined in the corresponding VolumeGroupSnapshotClass. + /// For pre-existing snapshots, users MUST specify this field when creating the + /// VolumeGroupSnapshotContent object. + /// Required. + #[serde(rename = "deletionPolicy")] + pub deletion_policy: VolumeGroupSnapshotContentDeletionPolicy, + /// Driver is the name of the CSI driver used to create the physical group snapshot on + /// the underlying storage system. + /// This MUST be the same as the name returned by the CSI GetPluginName() call for + /// that driver. + /// Required. + pub driver: String, + /// Source specifies whether the snapshot is (or should be) dynamically provisioned + /// or already exists, and just requires a Kubernetes object representation. + /// This field is immutable after creation. + /// Required. + pub source: VolumeGroupSnapshotContentSource, + /// VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass from + /// which this group snapshot was (or will be) created. + /// Note that after provisioning, the VolumeGroupSnapshotClass may be deleted or + /// recreated with different set of values, and as such, should not be referenced + /// post-snapshot creation. + /// For dynamic provisioning, this field must be set. + /// This field may be unset for pre-provisioned snapshots. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeGroupSnapshotClassName")] + pub volume_group_snapshot_class_name: Option, + /// VolumeGroupSnapshotRef specifies the VolumeGroupSnapshot object to which this + /// VolumeGroupSnapshotContent object is bound. + /// VolumeGroupSnapshot.Spec.VolumeGroupSnapshotContentName field must reference to + /// this VolumeGroupSnapshotContent's name for the bidirectional binding to be valid. + /// For a pre-existing VolumeGroupSnapshotContent object, name and namespace of the + /// VolumeGroupSnapshot object MUST be provided for binding to happen. + /// This field is immutable after creation. + /// Required. + #[serde(rename = "volumeGroupSnapshotRef")] + pub volume_group_snapshot_ref: ObjectReference, +} + +/// Spec defines properties of a VolumeGroupSnapshotContent created by the underlying storage system. +/// Required. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum VolumeGroupSnapshotContentDeletionPolicy { + Delete, + Retain, +} + +/// Source specifies whether the snapshot is (or should be) dynamically provisioned +/// or already exists, and just requires a Kubernetes object representation. +/// This field is immutable after creation. +/// Required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentSource { + /// GroupSnapshotHandles specifies the CSI "group_snapshot_id" of a pre-existing + /// group snapshot and a list of CSI "snapshot_id" of pre-existing snapshots + /// on the underlying storage system for which a Kubernetes object + /// representation was (or should be) created. + /// This field is immutable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "groupSnapshotHandles")] + pub group_snapshot_handles: Option, + /// VolumeHandles is a list of volume handles on the backend to be snapshotted + /// together. It is specified for dynamic provisioning of the VolumeGroupSnapshot. + /// This field is immutable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeHandles")] + pub volume_handles: Option>, +} + +/// GroupSnapshotHandles specifies the CSI "group_snapshot_id" of a pre-existing +/// group snapshot and a list of CSI "snapshot_id" of pre-existing snapshots +/// on the underlying storage system for which a Kubernetes object +/// representation was (or should be) created. +/// This field is immutable. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentSourceGroupSnapshotHandles { + /// VolumeGroupSnapshotHandle specifies the CSI "group_snapshot_id" of a pre-existing + /// group snapshot on the underlying storage system for which a Kubernetes object + /// representation was (or should be) created. + /// This field is immutable. + /// Required. + #[serde(rename = "volumeGroupSnapshotHandle")] + pub volume_group_snapshot_handle: String, + /// VolumeSnapshotHandles is a list of CSI "snapshot_id" of pre-existing + /// snapshots on the underlying storage system for which Kubernetes objects + /// representation were (or should be) created. + /// This field is immutable. + /// Required. + #[serde(rename = "volumeSnapshotHandles")] + pub volume_snapshot_handles: Vec, +} + +/// VolumeGroupSnapshotRef specifies the VolumeGroupSnapshot object to which this +/// VolumeGroupSnapshotContent object is bound. +/// VolumeGroupSnapshot.Spec.VolumeGroupSnapshotContentName field must reference to +/// this VolumeGroupSnapshotContent's name for the bidirectional binding to be valid. +/// For a pre-existing VolumeGroupSnapshotContent object, name and namespace of the +/// VolumeGroupSnapshot object MUST be provided for binding to happen. +/// This field is immutable after creation. +/// Required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentVolumeGroupSnapshotRef { + /// API version of the referent. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] + pub api_version: Option, + /// If referring to a piece of an object instead of an entire object, this string + /// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + /// For example, if the object reference is to a container within a pod, this would take on a value like: + /// "spec.containers{name}" (where "name" refers to the name of the container that triggered + /// the event) or if no container name is specified "spec.containers[2]" (container with + /// index 2 in this pod). This syntax is chosen only to have some well-defined way of + /// referencing a part of an object. + /// TODO: this design is not final and this field is subject to change in the future. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "fieldPath")] + pub field_path: Option, + /// Kind of the referent. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Specific resourceVersion to which this reference is made, if any. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceVersion")] + pub resource_version: Option, + /// UID of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uid: Option, +} + +/// status represents the current information of a group snapshot. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentStatus { + /// CreationTime is the timestamp when the point-in-time group snapshot is taken + /// by the underlying storage system. + /// If not specified, it indicates the creation time is unknown. + /// If not specified, it means the readiness of a group snapshot is unknown. + /// The format of this field is a Unix nanoseconds time encoded as an int64. + /// On Unix, the command date +%s%N returns the current time in nanoseconds + /// since 1970-01-01 00:00:00 UTC. + /// This field is the source for the CreationTime field in VolumeGroupSnapshotStatus + #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTime")] + pub creation_time: Option, + /// Error is the last observed error during group snapshot creation, if any. + /// Upon success after retry, this error field will be cleared. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// ReadyToUse indicates if all the individual snapshots in the group are ready to be + /// used to restore a group of volumes. + /// ReadyToUse becomes true when ReadyToUse of all individual snapshots become true. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readyToUse")] + pub ready_to_use: Option, + /// VolumeGroupSnapshotHandle is a unique id returned by the CSI driver + /// to identify the VolumeGroupSnapshot on the storage system. + /// If a storage system does not provide such an id, the + /// CSI driver can choose to return the VolumeGroupSnapshot name. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeGroupSnapshotHandle")] + pub volume_group_snapshot_handle: Option, + /// VolumeSnapshotHandlePairList is a list of CSI "volume_id" and "snapshot_id" + /// pair returned by the CSI driver to identify snapshots and their source volumes + /// on the storage system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeSnapshotHandlePairList")] + pub volume_snapshot_handle_pair_list: Option>, +} + +/// Error is the last observed error during group snapshot creation, if any. +/// Upon success after retry, this error field will be cleared. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentStatusError { + /// message is a string detailing the encountered error during snapshot + /// creation if specified. + /// NOTE: message may be logged, and it should not contain sensitive + /// information. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// time is the timestamp when the error was encountered. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub time: Option, +} + +/// VolumeSnapshotHandlePair defines a pair of a source volume handle and a snapshot handle +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotContentStatusVolumeSnapshotHandlePairList { + /// SnapshotHandle is a unique id returned by the CSI driver to identify a volume + /// snapshot on the storage system + /// Required. + #[serde(rename = "snapshotHandle")] + pub snapshot_handle: String, + /// VolumeHandle is a unique id returned by the CSI driver to identify a volume + /// on the storage system + /// Required. + #[serde(rename = "volumeHandle")] + pub volume_handle: String, +} + diff --git a/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshots.rs b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshots.rs new file mode 100644 index 000000000..c8561af7c --- /dev/null +++ b/kube-custom-resources-rs/src/groupsnapshot_storage_k8s_io/v1beta1/volumegroupsnapshots.rs @@ -0,0 +1,156 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/kubernetes-csi/external-snapshotter/groupsnapshot.storage.k8s.io/v1beta1/volumegroupsnapshots.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; +} +use self::prelude::*; + +/// Spec defines the desired characteristics of a group snapshot requested by a user. +/// Required. +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "groupsnapshot.storage.k8s.io", version = "v1beta1", kind = "VolumeGroupSnapshot", plural = "volumegroupsnapshots")] +#[kube(namespaced)] +#[kube(status = "VolumeGroupSnapshotStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct VolumeGroupSnapshotSpec { + /// Source specifies where a group snapshot will be created from. + /// This field is immutable after creation. + /// Required. + pub source: VolumeGroupSnapshotSource, + /// VolumeGroupSnapshotClassName is the name of the VolumeGroupSnapshotClass + /// requested by the VolumeGroupSnapshot. + /// VolumeGroupSnapshotClassName may be left nil to indicate that the default + /// class will be used. + /// Empty string is not allowed for this field. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeGroupSnapshotClassName")] + pub volume_group_snapshot_class_name: Option, +} + +/// Source specifies where a group snapshot will be created from. +/// This field is immutable after creation. +/// Required. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotSource { + /// Selector is a label query over persistent volume claims that are to be + /// grouped together for snapshotting. + /// This labelSelector will be used to match the label added to a PVC. + /// If the label is added or removed to a volume after a group snapshot + /// is created, the existing group snapshots won't be modified. + /// Once a VolumeGroupSnapshotContent is created and the sidecar starts to process + /// it, the volume list will not change with retries. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// VolumeGroupSnapshotContentName specifies the name of a pre-existing VolumeGroupSnapshotContent + /// object representing an existing volume group snapshot. + /// This field should be set if the volume group snapshot already exists and + /// only needs a representation in Kubernetes. + /// This field is immutable. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "volumeGroupSnapshotContentName")] + pub volume_group_snapshot_content_name: Option, +} + +/// Selector is a label query over persistent volume claims that are to be +/// grouped together for snapshotting. +/// This labelSelector will be used to match the label added to a PVC. +/// If the label is added or removed to a volume after a group snapshot +/// is created, the existing group snapshots won't be modified. +/// Once a VolumeGroupSnapshotContent is created and the sidecar starts to process +/// it, the volume list will not change with retries. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotSourceSelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotSourceSelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Status represents the current information of a group snapshot. +/// Consumers must verify binding between VolumeGroupSnapshot and +/// VolumeGroupSnapshotContent objects is successful (by validating that both +/// VolumeGroupSnapshot and VolumeGroupSnapshotContent point to each other) before +/// using this object. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotStatus { + /// BoundVolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent + /// object to which this VolumeGroupSnapshot object intends to bind to. + /// If not specified, it indicates that the VolumeGroupSnapshot object has not + /// been successfully bound to a VolumeGroupSnapshotContent object yet. + /// NOTE: To avoid possible security issues, consumers must verify binding between + /// VolumeGroupSnapshot and VolumeGroupSnapshotContent objects is successful + /// (by validating that both VolumeGroupSnapshot and VolumeGroupSnapshotContent + /// point at each other) before using this object. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "boundVolumeGroupSnapshotContentName")] + pub bound_volume_group_snapshot_content_name: Option, + /// CreationTime is the timestamp when the point-in-time group snapshot is taken + /// by the underlying storage system. + /// If not specified, it may indicate that the creation time of the group snapshot + /// is unknown. + /// The format of this field is a Unix nanoseconds time encoded as an int64. + /// On Unix, the command date +%s%N returns the current time in nanoseconds + /// since 1970-01-01 00:00:00 UTC. + /// This field is updated based on the CreationTime field in VolumeGroupSnapshotContentStatus + #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTime")] + pub creation_time: Option, + /// Error is the last observed error during group snapshot creation, if any. + /// This field could be helpful to upper level controllers (i.e., application + /// controller) to decide whether they should continue on waiting for the group + /// snapshot to be created based on the type of error reported. + /// The snapshot controller will keep retrying when an error occurs during the + /// group snapshot creation. Upon success, this error field will be cleared. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub error: Option, + /// ReadyToUse indicates if all the individual snapshots in the group are ready + /// to be used to restore a group of volumes. + /// ReadyToUse becomes true when ReadyToUse of all individual snapshots become true. + /// If not specified, it means the readiness of a group snapshot is unknown. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "readyToUse")] + pub ready_to_use: Option, +} + +/// Error is the last observed error during group snapshot creation, if any. +/// This field could be helpful to upper level controllers (i.e., application +/// controller) to decide whether they should continue on waiting for the group +/// snapshot to be created based on the type of error reported. +/// The snapshot controller will keep retrying when an error occurs during the +/// group snapshot creation. Upon success, this error field will be cleared. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VolumeGroupSnapshotStatusError { + /// message is a string detailing the encountered error during snapshot + /// creation if specified. + /// NOTE: message may be logged, and it should not contain sensitive + /// information. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, + /// time is the timestamp when the error was encountered. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub time: Option, +} + diff --git a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs index bc6aa2600..b05faf0af 100644 --- a/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs +++ b/kube-custom-resources-rs/src/hive_openshift_io/v1/machinepools.rs @@ -477,7 +477,7 @@ pub struct MachinePoolPlatformIbmcloudDedicatedHosts { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MachinePoolPlatformOpenstack { /// AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID - /// is presented in the format sg-xxxx. + /// is presented in the UUID format. #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalSecurityGroupIDs")] pub additional_security_group_i_ds: Option>, /// Flavor defines the OpenStack Nova flavor. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsclustertemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsclustertemplates.rs index 9e0468822..cb090639c 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsclustertemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsclustertemplates.rs @@ -37,7 +37,7 @@ pub struct IBMPowerVSClusterTemplateTemplate { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSClusterTemplateTemplateMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be + /// annotations is an unstructured key value map stored with a resource that may be /// set by external tools to store and retrieve arbitrary metadata. They are not /// queryable and should be preserved when modifying objects. /// More info: http://kubernetes.io/docs/user-guide/annotations diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs index e518efd3f..2422808d3 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachines.rs @@ -74,9 +74,7 @@ pub struct IBMPowerVSMachineImageRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -109,7 +107,6 @@ pub struct IBMPowerVSMachineStatus { /// reconciling the Machine and will contain a more verbose string suitable /// for logging and human consumption. /// - /// /// This field should not be set for transitive errors that a controller /// faces that are expected to be fixed automatically over /// time (like service outages), but instead indicate that something is @@ -119,7 +116,6 @@ pub struct IBMPowerVSMachineStatus { /// spec, values that are unsupported by the controller, or the /// responsible controller itself being critically misconfigured. /// - /// /// Any transient errors that occur during the reconciliation of Machines /// can be added as events to the Machine object and/or logged in the /// controller's output. @@ -129,7 +125,6 @@ pub struct IBMPowerVSMachineStatus { /// reconciling the Machine and will contain a succinct value suitable /// for machine interpretation. /// - /// /// This field should not be set for transitive errors that a controller /// faces that are expected to be fixed automatically over /// time (like service outages), but instead indicate that something is @@ -139,7 +134,6 @@ pub struct IBMPowerVSMachineStatus { /// spec, values that are unsupported by the controller, or the /// responsible controller itself being critically misconfigured. /// - /// /// Any transient errors that occur during the reconciliation of Machines /// can be added as events to the Machine object and/or logged in the /// controller's output. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs index ae74e2845..751f2cc9b 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmpowervsmachinetemplates.rs @@ -89,9 +89,7 @@ pub struct IBMPowerVSMachineTemplateTemplateSpecImageRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachines.rs index 8d7bbe470..ddaf04129 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachines.rs @@ -35,7 +35,6 @@ pub struct IBMVPCMachineSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryNetworkInterface")] pub primary_network_interface: Option, /// Profile indicates the flavor of instance. Example: bx2-8x32 means 8 vCPUs 32 GB RAM 16 Gbps - /// TODO: add a reference link of profile #[serde(default, skip_serializing_if = "Option::is_none")] pub profile: Option, /// ProviderID is the unique identifier as specified by the cloud provider. @@ -48,7 +47,6 @@ pub struct IBMVPCMachineSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "sshKeys")] pub ssh_keys: Option>, /// Zone is the place where the instance should be created. Example: us-south-3 - /// TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 pub zone: String, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachinetemplates.rs index da06e2c93..eb23150ed 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/ibmvpcmachinetemplates.rs @@ -48,7 +48,6 @@ pub struct IBMVPCMachineTemplateTemplateSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryNetworkInterface")] pub primary_network_interface: Option, /// Profile indicates the flavor of instance. Example: bx2-8x32 means 8 vCPUs 32 GB RAM 16 Gbps - /// TODO: add a reference link of profile #[serde(default, skip_serializing_if = "Option::is_none")] pub profile: Option, /// ProviderID is the unique identifier as specified by the cloud provider. @@ -61,7 +60,6 @@ pub struct IBMVPCMachineTemplateTemplateSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "sshKeys")] pub ssh_keys: Option>, /// Zone is the place where the instance should be created. Example: us-south-3 - /// TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 pub zone: String, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachines.rs index be70eab79..9a6cac158 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachines.rs @@ -67,12 +67,20 @@ pub struct TinkerbellMachineSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TinkerbellMachineBootOptions { /// BootMode is the type of booting that will be done. + /// Must be one of "none", "netboot", or "iso". #[serde(default, skip_serializing_if = "Option::is_none", rename = "bootMode")] pub boot_mode: Option, /// ISOURL is the URL of the ISO that will be one-time booted. /// When this field is set, the controller will create a job.bmc.tinkerbell.org object /// for getting the associated hardware into a CDROM booting state. /// A HardwareRef that contains a spec.BmcRef must be provided. + /// + /// The format of the ISOURL must be http://$IP:$Port/iso/:macAddress/hook.iso + /// The name of the ISO file must have the .iso extension, but the name can be anything. + /// The $IP and $Port should generally point to the IP and Port of the Smee server + /// as this is where the ISO patching endpoint lives. + /// The ":macAddress" is a placeholder for the MAC address of the hardware and + /// should be provided exactly as is: ":macAddress". #[serde(default, skip_serializing_if = "Option::is_none", rename = "isoURL")] pub iso_url: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachinetemplates.rs index 0dde3a370..a2a44ddbe 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/tinkerbellmachinetemplates.rs @@ -80,12 +80,20 @@ pub struct TinkerbellMachineTemplateTemplateSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct TinkerbellMachineTemplateTemplateSpecBootOptions { /// BootMode is the type of booting that will be done. + /// Must be one of "none", "netboot", or "iso". #[serde(default, skip_serializing_if = "Option::is_none", rename = "bootMode")] pub boot_mode: Option, /// ISOURL is the URL of the ISO that will be one-time booted. /// When this field is set, the controller will create a job.bmc.tinkerbell.org object /// for getting the associated hardware into a CDROM booting state. /// A HardwareRef that contains a spec.BmcRef must be provided. + /// + /// The format of the ISOURL must be http://$IP:$Port/iso/:macAddress/hook.iso + /// The name of the ISO file must have the .iso extension, but the name can be anything. + /// The $IP and $Port should generally point to the IP and Port of the Smee server + /// as this is where the ISO patching endpoint lives. + /// The ":macAddress" is a placeholder for the MAC address of the hardware and + /// should be provided exactly as is: ":macAddress". #[serde(default, skip_serializing_if = "Option::is_none", rename = "isoURL")] pub iso_url: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs index de0389ab4..ddff0842b 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherefailuredomains.rs @@ -64,6 +64,9 @@ pub struct VSphereFailureDomainTopology { /// Hosts has information required for placement of machines on VSphere hosts. #[serde(default, skip_serializing_if = "Option::is_none")] pub hosts: Option, + /// NetworkConfigurations is a list of network configurations within this failure domain. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "networkConfigurations")] + pub network_configurations: Option>, /// Networks is the list of networks within this failure domain #[serde(default, skip_serializing_if = "Option::is_none")] pub networks: Option>, @@ -80,6 +83,162 @@ pub struct VSphereFailureDomainTopologyHosts { pub vm_group_name: String, } +/// NetworkConfiguration defines a network configuration that should be used when consuming +/// a failure domain. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurations { + /// AddressesFromPools is a list of IPAddressPools that should be assigned + /// to IPAddressClaims. The machine's cloud-init metadata will be populated + /// with IPAddresses fulfilled by an IPAM provider. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "addressesFromPools")] + pub addresses_from_pools: Option>, + /// DHCP4 is a flag that indicates whether or not to use DHCP for IPv4. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dhcp4: Option, + /// DHCP4Overrides allows for the control over several DHCP behaviors. + /// Overrides will only be applied when the corresponding DHCP flag is set. + /// Only configured values will be sent, omitted values will default to + /// distribution defaults. + /// Dependent on support in the network stack for your distribution. + /// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dhcp4Overrides")] + pub dhcp4_overrides: Option, + /// DHCP6 is a flag that indicates whether or not to use DHCP for IPv6. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dhcp6: Option, + /// DHCP6Overrides allows for the control over several DHCP behaviors. + /// Overrides will only be applied when the corresponding DHCP flag is set. + /// Only configured values will be sent, omitted values will default to + /// distribution defaults. + /// Dependent on support in the network stack for your distribution. + /// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) + #[serde(default, skip_serializing_if = "Option::is_none", rename = "dhcp6Overrides")] + pub dhcp6_overrides: Option, + /// Nameservers is a list of IPv4 and/or IPv6 addresses used as DNS + /// nameservers. + /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub nameservers: Option>, + /// NetworkName is the network name for this machine's VM. + #[serde(rename = "networkName")] + pub network_name: String, + /// SearchDomains is a list of search domains used when resolving IP + /// addresses with DNS. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "searchDomains")] + pub search_domains: Option>, +} + +/// TypedLocalObjectReference contains enough information to let you locate the +/// typed referenced object inside the same namespace. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsAddressesFromPools { + /// APIGroup is the group for the resource being referenced. + /// If APIGroup is not specified, the specified Kind must be in the core API group. + /// For any other third-party types, APIGroup is required. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] + pub api_group: Option, + /// Kind is the type of resource being referenced + pub kind: String, + /// Name is the name of resource being referenced + pub name: String, +} + +/// DHCP4Overrides allows for the control over several DHCP behaviors. +/// Overrides will only be applied when the corresponding DHCP flag is set. +/// Only configured values will be sent, omitted values will default to +/// distribution defaults. +/// Dependent on support in the network stack for your distribution. +/// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsDhcp4Overrides { + /// Hostname is the name which will be sent to the DHCP server instead of + /// the machine's hostname. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostname: Option, + /// RouteMetric is used to prioritize routes for devices. A lower metric for + /// an interface will have a higher priority. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "routeMetric")] + pub route_metric: Option, + /// SendHostname when `true`, the hostname of the machine will be sent to the + /// DHCP server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendHostname")] + pub send_hostname: Option, + /// UseDNS when `true`, the DNS servers in the DHCP server will be used and + /// take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDNS")] + pub use_dns: Option, + /// UseDomains can take the values `true`, `false`, or `route`. When `true`, + /// the domain name from the DHCP server will be used as the DNS search + /// domain for this device. When `route`, the domain name from the DHCP + /// response will be used for routing DNS only, not for searching. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDomains")] + pub use_domains: Option, + /// UseHostname when `true`, the hostname from the DHCP server will be set + /// as the transient hostname of the machine. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useHostname")] + pub use_hostname: Option, + /// UseMTU when `true`, the MTU from the DHCP server will be set as the + /// MTU of the device. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useMTU")] + pub use_mtu: Option, + /// UseNTP when `true`, the NTP servers from the DHCP server will be used + /// by systemd-timesyncd and take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useNTP")] + pub use_ntp: Option, + /// UseRoutes when `true`, the routes from the DHCP server will be installed + /// in the routing table. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useRoutes")] + pub use_routes: Option, +} + +/// DHCP6Overrides allows for the control over several DHCP behaviors. +/// Overrides will only be applied when the corresponding DHCP flag is set. +/// Only configured values will be sent, omitted values will default to +/// distribution defaults. +/// Dependent on support in the network stack for your distribution. +/// For more information see the netplan reference (https://netplan.io/reference#dhcp-overrides) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct VSphereFailureDomainTopologyNetworkConfigurationsDhcp6Overrides { + /// Hostname is the name which will be sent to the DHCP server instead of + /// the machine's hostname. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hostname: Option, + /// RouteMetric is used to prioritize routes for devices. A lower metric for + /// an interface will have a higher priority. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "routeMetric")] + pub route_metric: Option, + /// SendHostname when `true`, the hostname of the machine will be sent to the + /// DHCP server. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sendHostname")] + pub send_hostname: Option, + /// UseDNS when `true`, the DNS servers in the DHCP server will be used and + /// take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDNS")] + pub use_dns: Option, + /// UseDomains can take the values `true`, `false`, or `route`. When `true`, + /// the domain name from the DHCP server will be used as the DNS search + /// domain for this device. When `route`, the domain name from the DHCP + /// response will be used for routing DNS only, not for searching. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useDomains")] + pub use_domains: Option, + /// UseHostname when `true`, the hostname from the DHCP server will be set + /// as the transient hostname of the machine. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useHostname")] + pub use_hostname: Option, + /// UseMTU when `true`, the MTU from the DHCP server will be set as the + /// MTU of the device. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useMTU")] + pub use_mtu: Option, + /// UseNTP when `true`, the NTP servers from the DHCP server will be used + /// by systemd-timesyncd and take precedence. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useNTP")] + pub use_ntp: Option, + /// UseRoutes when `true`, the routes from the DHCP server will be installed + /// in the routing table. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "useRoutes")] + pub use_routes: Option, +} + /// Zone defines the name and type of a zone #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub struct VSphereFailureDomainZone { diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs index 1807d81c8..34b026346 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachines.rs @@ -39,13 +39,13 @@ pub struct VSphereMachineSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -57,8 +57,8 @@ pub struct VSphereMachineSpec { /// For this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureDomain")] pub failure_domain: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -118,8 +118,8 @@ pub struct VSphereMachineSpec { /// vsphere://12345678-1234-1234-1234-123456789abc #[serde(default, skip_serializing_if = "Option::is_none", rename = "providerID")] pub provider_id: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -139,8 +139,8 @@ pub struct VSphereMachineSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -235,8 +235,8 @@ pub struct VSphereMachineNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs index 12911f2dc..bc400d8fe 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspheremachinetemplates.rs @@ -73,13 +73,13 @@ pub struct VSphereMachineTemplateTemplateSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -91,8 +91,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// For this infrastructure provider, the name is equivalent to the name of the VSphereDeploymentZone. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureDomain")] pub failure_domain: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -152,8 +152,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// vsphere://12345678-1234-1234-1234-123456789abc #[serde(default, skip_serializing_if = "Option::is_none", rename = "providerID")] pub provider_id: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -173,8 +173,8 @@ pub struct VSphereMachineTemplateTemplateSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -269,8 +269,8 @@ pub struct VSphereMachineTemplateTemplateSpecNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs index fab4a7081..2e694b7e4 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta1/vspherevms.rs @@ -52,13 +52,13 @@ pub struct VSphereVMSpec { /// Defaults to empty map #[serde(default, skip_serializing_if = "Option::is_none", rename = "customVMXKeys")] pub custom_vmx_keys: Option>, - /// Datacenter is the name or inventory path of the datacenter in which the - /// virtual machine is created/located. + /// Datacenter is the name, inventory path, managed object reference or the managed + /// object ID of the datacenter in which the virtual machine is created/located. /// Defaults to * which selects the default datacenter. #[serde(default, skip_serializing_if = "Option::is_none")] pub datacenter: Option, - /// Datastore is the name or inventory path of the datastore in which the - /// virtual machine is created/located. + /// Datastore is the name, inventory path, managed object reference or the managed + /// object ID of the datastore in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub datastore: Option, /// DiskGiB is the size of a virtual machine's disk, in GiB. @@ -66,8 +66,8 @@ pub struct VSphereVMSpec { /// virtual machine is cloned. #[serde(default, skip_serializing_if = "Option::is_none", rename = "diskGiB")] pub disk_gi_b: Option, - /// Folder is the name or inventory path of the folder in which the - /// virtual machine is created/located. + /// Folder is the name, inventory path, managed object reference or the managed + /// object ID of the folder in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none")] pub folder: Option, /// GuestSoftPowerOffTimeout sets the wait timeout for shutdown in the VM guest. @@ -123,8 +123,8 @@ pub struct VSphereVMSpec { /// If omitted, the mode defaults to hard. #[serde(default, skip_serializing_if = "Option::is_none", rename = "powerOffMode")] pub power_off_mode: Option, - /// ResourcePool is the name or inventory path of the resource pool in which - /// the virtual machine is created/located. + /// ResourcePool is the name, inventory path, managed object reference or the managed + /// object ID in which the virtual machine is created/located. #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourcePool")] pub resource_pool: Option, /// Server is the IP address or FQDN of the vSphere server on which @@ -144,8 +144,8 @@ pub struct VSphereVMSpec { /// must use URN-notation instead of display names. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagIDs")] pub tag_i_ds: Option>, - /// Template is the name or inventory path of the template used to clone - /// the virtual machine. + /// Template is the name, inventory path, managed object reference or the managed + /// object ID of the template used to clone the virtual machine. pub template: String, /// Thumbprint is the colon-separated SHA-1 checksum of the given vCenter server's host certificate /// When this is set to empty, this VirtualMachine would be created @@ -280,8 +280,8 @@ pub struct VSphereVMNetworkDevices { /// Please note that Linux allows only three nameservers (https://linux.die.net/man/5/resolv.conf). #[serde(default, skip_serializing_if = "Option::is_none")] pub nameservers: Option>, - /// NetworkName is the name of the vSphere network to which the device - /// will be connected. + /// NetworkName is the name, managed object reference or the managed + /// object ID of the vSphere network to which the device will be connected. #[serde(rename = "networkName")] pub network_name: String, /// Routes is a list of optional, static routes applied to the device. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs index 0e7a01706..71bdc61e6 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsclustertemplates.rs @@ -37,7 +37,7 @@ pub struct IBMPowerVSClusterTemplateTemplate { /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct IBMPowerVSClusterTemplateTemplateMetadata { - /// Annotations is an unstructured key value map stored with a resource that may be + /// annotations is an unstructured key value map stored with a resource that may be /// set by external tools to store and retrieve arbitrary metadata. They are not /// queryable and should be preserved when modifying objects. /// More info: http://kubernetes.io/docs/user-guide/annotations diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs index ed22c34af..e5d4e3903 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachines.rs @@ -119,9 +119,7 @@ pub struct IBMPowerVSMachineImageRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -201,7 +199,6 @@ pub struct IBMPowerVSMachineStatus { /// reconciling the Machine and will contain a more verbose string suitable /// for logging and human consumption. /// - /// /// This field should not be set for transitive errors that a controller /// faces that are expected to be fixed automatically over /// time (like service outages), but instead indicate that something is @@ -211,7 +208,6 @@ pub struct IBMPowerVSMachineStatus { /// spec, values that are unsupported by the controller, or the /// responsible controller itself being critically misconfigured. /// - /// /// Any transient errors that occur during the reconciliation of Machines /// can be added as events to the Machine object and/or logged in the /// controller's output. @@ -221,7 +217,6 @@ pub struct IBMPowerVSMachineStatus { /// reconciling the Machine and will contain a succinct value suitable /// for machine interpretation. /// - /// /// This field should not be set for transitive errors that a controller /// faces that are expected to be fixed automatically over /// time (like service outages), but instead indicate that something is @@ -231,7 +226,6 @@ pub struct IBMPowerVSMachineStatus { /// spec, values that are unsupported by the controller, or the /// responsible controller itself being critically misconfigured. /// - /// /// Any transient errors that occur during the reconciliation of Machines /// can be added as events to the Machine object and/or logged in the /// controller's output. diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs index 1040be4e3..10a391fe2 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmpowervsmachinetemplates.rs @@ -133,9 +133,7 @@ pub struct IBMPowerVSMachineTemplateTemplateSpecImageRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachines.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachines.rs index 4d0a376a7..0082265f1 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachines.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachines.rs @@ -42,7 +42,6 @@ pub struct IBMVPCMachineSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryNetworkInterface")] pub primary_network_interface: Option, /// Profile indicates the flavor of instance. Example: bx2-8x32 means 8 vCPUs 32 GB RAM 16 Gbps - /// TODO: add a reference link of profile #[serde(default, skip_serializing_if = "Option::is_none")] pub profile: Option, /// ProviderID is the unique identifier as specified by the cloud provider. @@ -53,7 +52,6 @@ pub struct IBMVPCMachineSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "sshKeys")] pub ssh_keys: Option>, /// Zone is the place where the instance should be created. Example: us-south-3 - /// TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 pub zone: String, } diff --git a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachinetemplates.rs b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachinetemplates.rs index 4f50c776f..c4efdc6ba 100644 --- a/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachinetemplates.rs +++ b/kube-custom-resources-rs/src/infrastructure_cluster_x_k8s_io/v1beta2/ibmvpcmachinetemplates.rs @@ -57,7 +57,6 @@ pub struct IBMVPCMachineTemplateTemplateSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "primaryNetworkInterface")] pub primary_network_interface: Option, /// Profile indicates the flavor of instance. Example: bx2-8x32 means 8 vCPUs 32 GB RAM 16 Gbps - /// TODO: add a reference link of profile #[serde(default, skip_serializing_if = "Option::is_none")] pub profile: Option, /// ProviderID is the unique identifier as specified by the cloud provider. @@ -68,7 +67,6 @@ pub struct IBMVPCMachineTemplateTemplateSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "sshKeys")] pub ssh_keys: Option>, /// Zone is the place where the instance should be created. Example: us-south-3 - /// TODO: Actually zone is transparent to user. The field user can access is location. Example: Dallas 2 pub zone: String, } diff --git a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs index 98c9ff29c..cb6a1aa16 100644 --- a/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs +++ b/kube-custom-resources-rs/src/karpenter_k8s_aws/v1/ec2nodeclasses.rs @@ -134,7 +134,7 @@ pub struct EC2NodeClassAmiSelectorTerms { /// You can specify a combination of AWS account IDs, "self", "amazon", and "aws-marketplace" #[serde(default, skip_serializing_if = "Option::is_none")] pub owner: Option, - /// Tags is a map of key/value tags used to select subnets + /// Tags is a map of key/value tags used to select amis. /// Specifying '*' for a value selects all values for a given tag key. #[serde(default, skip_serializing_if = "Option::is_none")] pub tags: Option>, @@ -429,7 +429,7 @@ pub struct EC2NodeClassSecurityGroupSelectorTerms { /// This value is the name field, which is different from the name tag. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, - /// Tags is a map of key/value tags used to select subnets + /// Tags is a map of key/value tags used to select security groups. /// Specifying '*' for a value selects all values for a given tag key. #[serde(default, skip_serializing_if = "Option::is_none")] pub tags: Option>, @@ -461,11 +461,11 @@ pub struct EC2NodeClassStatus { /// InstanceProfile contains the resolved instance profile for the role #[serde(default, skip_serializing_if = "Option::is_none", rename = "instanceProfile")] pub instance_profile: Option, - /// SecurityGroups contains the current Security Groups values that are available to the + /// SecurityGroups contains the current security group values that are available to the /// cluster under the SecurityGroups selectors. #[serde(default, skip_serializing_if = "Option::is_none", rename = "securityGroups")] pub security_groups: Option>, - /// Subnets contains the current Subnet values that are available to the + /// Subnets contains the current subnet values that are available to the /// cluster under the subnet selectors. #[serde(default, skip_serializing_if = "Option::is_none")] pub subnets: Option>, diff --git a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs index ff19f6db4..35a1c4e66 100644 --- a/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs +++ b/kube-custom-resources-rs/src/karpenter_sh/v1/nodepools.rs @@ -82,7 +82,7 @@ pub struct NodePoolDisruptionBudgets { pub nodes: String, /// Reasons is a list of disruption methods that this budget applies to. If Reasons is not set, this budget applies to all methods. /// Otherwise, this will apply to each reason defined. - /// allowed reasons are Underutilized, Empty, and Drifted and additional CloudProvider-specific reasons. + /// allowed reasons are Underutilized, Empty, and Drifted. #[serde(default, skip_serializing_if = "Option::is_none")] pub reasons: Option>, /// Schedule specifies when a budget begins being active, following diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs index c4aa0931a..c796133ff 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/modules.rs @@ -34,6 +34,9 @@ pub struct ModuleSpec { pub module_loader: ModuleModuleLoader, /// Selector describes on which nodes the Module should be loaded and optionally built. pub selector: BTreeMap, + /// If specified, the pod's tolerations. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, } /// DevicePlugin allows overriding some properties of the container that deploys the device plugin on the node. @@ -2368,6 +2371,36 @@ pub struct ModuleModuleLoaderContainerSignUnsignedImageRegistryTls { pub insecure_skip_tls_verify: Option, } +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ModuleTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + /// ModuleStatus defines the observed state of Module. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ModuleStatus { diff --git a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs index 8b0801082..7223defa3 100644 --- a/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs +++ b/kube-custom-resources-rs/src/kmm_sigs_x_k8s_io/v1beta1/nodemodulesconfigs.rs @@ -54,6 +54,8 @@ pub struct NodeModulesConfigModulesConfig { #[serde(rename = "kernelVersion")] pub kernel_version: String, pub modprobe: NodeModulesConfigModulesConfigModprobe, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -123,6 +125,36 @@ pub struct NodeModulesConfigModulesConfigModprobeRawArgs { pub unload: Option>, } +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct NodeModulesConfigModulesConfigTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + /// LocalObjectReference contains enough information to let you locate the /// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -179,6 +211,8 @@ pub struct NodeModulesConfigStatusModulesConfig { #[serde(rename = "kernelVersion")] pub kernel_version: String, pub modprobe: NodeModulesConfigStatusModulesConfigModprobe, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub tolerations: Option>, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -248,6 +282,36 @@ pub struct NodeModulesConfigStatusModulesConfigModprobeRawArgs { pub unload: Option>, } +/// The pod this Toleration is attached to tolerates any taint that matches +/// the triple using the matching operator . +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct NodeModulesConfigStatusModulesConfigTolerations { + /// Effect indicates the taint effect to match. Empty means match all taint effects. + /// When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub effect: Option, + /// Key is the taint key that the toleration applies to. Empty means match all taint keys. + /// If the key is empty, operator must be Exists; this combination means to match all values and all keys. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Operator represents a key's relationship to the value. + /// Valid operators are Exists and Equal. Defaults to Equal. + /// Exists is equivalent to wildcard for value, so that a pod can + /// tolerate all taints of a particular category. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// TolerationSeconds represents the period of time the toleration (which must be + /// of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + /// it is not set, which means tolerate the taint forever (do not evict). Zero and + /// negative values will be treated as 0 (evict immediately) by the system. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tolerationSeconds")] + pub toleration_seconds: Option, + /// Value is the taint value the toleration matches to. + /// If the operator is Exists, the value should be empty, otherwise just a regular string. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + /// LocalObjectReference contains enough information to let you locate the /// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/kuadrant_io/mod.rs b/kube-custom-resources-rs/src/kuadrant_io/mod.rs index d9018c91d..df673c0f8 100644 --- a/kube-custom-resources-rs/src/kuadrant_io/mod.rs +++ b/kube-custom-resources-rs/src/kuadrant_io/mod.rs @@ -1,3 +1,4 @@ +pub mod v1; pub mod v1alpha1; pub mod v1beta1; pub mod v1beta2; diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs new file mode 100644 index 000000000..1df497bac --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/authpolicies.rs @@ -0,0 +1,7001 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/authpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kuadrant.io", version = "v1", kind = "AuthPolicy", plural = "authpolicies")] +#[kube(namespaced)] +#[kube(status = "AuthPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct AuthPolicySpec { + /// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option, + /// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option, + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Reference to the object to which this policy applies. + #[serde(rename = "targetRef")] + pub target_ref: AuthPolicyTargetRef, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaults { + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyDefaultsRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyDefaultsRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyDefaultsRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyDefaultsRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyDefaultsRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyDefaultsRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyDefaultsStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyDefaultsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverrides { + /// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub patterns: Option>, + /// The auth rules of the policy. + /// See Authorino's AuthConfig CRD for more details. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rules: Option, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyOverridesRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyOverridesRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyOverridesRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyOverridesRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyOverridesRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyOverridesRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyOverridesStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyOverridesWhen { + pub predicate: String, +} + +/// Named sets of patterns that can be referred in `when` conditions and in pattern-matching authorization policy rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyPatterns { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allOf")] + pub all_of: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyPatternsAllOf { + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyPatternsAllOfOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// The auth rules of the policy. +/// See Authorino's AuthConfig CRD for more details. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRules { + /// Authentication configs. + /// At least one config MUST evaluate to a valid identity object for the auth request to be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authentication: Option>, + /// Authorization policies. + /// All policies MUST evaluate to "allowed = true" for the auth request be successful. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub authorization: Option>, + /// Callback functions. + /// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub callbacks: Option>, + /// Metadata sources. + /// Authorino fetches auth metadata as JSON from sources specified in this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metadata: Option>, + /// Response items. + /// Authorino builds custom responses to the client of the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub response: Option, +} + +/// Authentication configs. +/// At least one config MUST evaluate to a valid identity object for the auth request to be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthentication { + /// Anonymous access. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub anonymous: Option, + /// Authentication based on API keys stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiKey")] + pub api_key: Option, + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Defines where credentials are required to be passed in the request for authentication based on this config. + /// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Set default property values (claims) for the resolved identity object, that are set before appending the object to + /// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option>, + /// Authentication based on JWT tokens. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub jwt: Option, + /// Authentication by Kubernetes token review. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesTokenReview")] + pub kubernetes_token_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Authentication by OAuth2 token introspection. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "oauth2Introspection")] + pub oauth2_introspection: Option, + /// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, + /// before appending the object to the authorization JSON. + /// It requires the resolved identity object to always be a JSON object. + /// Do not use this option with identity objects of other JSON types (array, string, etc). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option>, + /// Identity object extracted from the context. + /// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authentication based on client X.509 certificates. + /// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub x509: Option, +} + +/// Anonymous access. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationAnonymous { +} + +/// Authentication based on API keys stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKey { + /// Whether Authorino should look for API key secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service + pub selector: AuthPolicyRulesAuthenticationApiKeySelector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKeySelector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationApiKeySelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesAuthenticationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Defines where credentials are required to be passed in the request for authentication based on this config. +/// If omitted, it defaults to credentials passed in the HTTP Authorization header and the "Bearer" prefix prepended to the secret credential value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationCredentialsQueryString { + pub name: String, +} + +/// Set default property values (claims) for the resolved identity object, that are set before appending the object to +/// the authorization JSON. If the property is already present in the resolved identity object, the default value is ignored. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationDefaults { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authentication based on JWT tokens. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationJwt { + /// URL of the issuer of the JWT. + /// If `jwksUrl` is omitted, Authorino will append the path to the OpenID Connect Well-Known Discovery endpoint + /// (i.e. "/.well-known/openid-configuration") to this URL, to discover the OIDC configuration where to obtain + /// the "jkws_uri" claim from. + /// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "issuerUrl")] + pub issuer_url: Option, + /// Decides how long to wait before refreshing the JWKS (in seconds). + /// If omitted, Authorino will never refresh the JWKS. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Authentication by Kubernetes token review. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationKubernetesTokenReview { + /// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino. + /// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub audiences: Option>, +} + +/// Authentication by OAuth2 token introspection. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOauth2Introspection { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyRulesAuthenticationOauth2IntrospectionCredentialsRef, + /// The full URL of the token introspection endpoint. + pub endpoint: String, + /// The token type hint for the token introspection. + /// If omitted, it defaults to "access_token". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenTypeHint")] + pub token_type_hint: Option, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the OAuth2 server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOauth2IntrospectionCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// Overrides the resolved identity object by setting the additional properties (claims) specified in this config, +/// before appending the object to the authorization JSON. +/// It requires the resolved identity object to always be a JSON object. +/// Do not use this option with identity objects of other JSON types (array, string, etc). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationOverrides { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Identity object extracted from the context. +/// Use this method when authentication is performed beforehand by a proxy and the resulting object passed to Authorino as JSON in the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthenticationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authentication based on client X.509 certificates. +/// The certificates presented by the clients must be signed by a trusted CA whose certificates are stored in Kubernetes secrets. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509 { + /// Whether Authorino should look for TLS secrets in all namespaces or only in the same namespace as the AuthConfig. + /// Enabling this option in namespaced Authorino instances has no effect. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allNamespaces")] + pub all_namespaces: Option, + /// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate + /// clients trying to authenticate to this service + pub selector: AuthPolicyRulesAuthenticationX509Selector, +} + +/// Label selector used by Authorino to match secrets from the cluster storing trusted CA certificates to validate +/// clients trying to authenticate to this service +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509Selector { + /// matchExpressions is a list of label selector requirements. The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] + pub match_expressions: Option>, + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] + pub match_labels: Option>, +} + +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthenticationX509SelectorMatchExpressions { + /// key is the label key that the selector applies to. + pub key: String, + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. + pub operator: String, + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub values: Option>, +} + +/// Authorization policies. +/// All policies MUST evaluate to "allowed = true" for the auth request be successful. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorization { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Authorization by Kubernetes SubjectAccessReview + #[serde(default, skip_serializing_if = "Option::is_none", rename = "kubernetesSubjectAccessReview")] + pub kubernetes_subject_access_review: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Open Policy Agent (OPA) Rego policy. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub opa: Option, + /// Pattern-matching authorization rules. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternMatching")] + pub pattern_matching: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Authorization decision delegated to external Authzed/SpiceDB server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spicedb: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesAuthorizationCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Authorization by Kubernetes SubjectAccessReview +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReview { + /// Groups the user must be a member of or, if `user` is omitted, the groups to check for authorization in the Kubernetes RBAC. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub groups: Option>, + /// Use resourceAttributes to check permissions on Kubernetes resources. + /// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "resourceAttributes")] + pub resource_attributes: Option, + /// User to check for authorization in the Kubernetes RBAC. + /// Omit it to check for group authorization only. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub user: Option, +} + +/// Use resourceAttributes to check permissions on Kubernetes resources. +/// If omitted, it performs a non-resource SubjectAccessReview, with verb and path inferred from the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributes { + /// API group of the resource. + /// Use '*' for all API groups. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub group: Option, + /// Resource name + /// Omit it to check for authorization on all resources of the specified kind. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + /// Namespace where the user must have permissions on the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub namespace: Option, + /// Resource kind + /// Use '*' for all resource kinds. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Subresource kind + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subresource: Option, + /// Verb to check for authorization on the resource. + /// Use '*' for all verbs. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub verb: Option, +} + +/// API group of the resource. +/// Use '*' for all API groups. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesGroup { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource name +/// Omit it to check for authorization on all resources of the specified kind. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Namespace where the user must have permissions on the resource. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesNamespace { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Resource kind +/// Use '*' for all resource kinds. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Subresource kind +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesSubresource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Verb to check for authorization on the resource. +/// Use '*' for all verbs. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewResourceAttributesVerb { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// User to check for authorization in the Kubernetes RBAC. +/// Omit it to check for group authorization only. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationKubernetesSubjectAccessReviewUser { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Open Policy Agent (OPA) Rego policy. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpa { + /// Returns the value of all Rego rules in the virtual document. Values can be read in subsequent evaluators/phases of the Auth Pipeline. + /// Otherwise, only the default `allow` rule will be exposed. + /// Returning all Rego rules can affect performance of OPA policies during reconciliation (policy precompile) and at runtime. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "allValues")] + pub all_values: Option, + /// Settings for fetching the OPA policy from an external registry. + /// Use it alternatively to 'rego'. + /// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', + /// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "externalPolicy")] + pub external_policy: Option, + /// Authorization policy as a Rego language document. + /// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed). + /// The Rego document must NOT include the "package" declaration in line 1. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rego: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicy { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationOpaExternalPolicyContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings for fetching the OPA policy from an external registry. +/// Use it alternatively to 'rego'. +/// For the configurations of the HTTP request, the following options are not implemented: 'method', 'body', 'bodyParameters', +/// 'contentType', 'headers', 'oauth2'. Use it only with: 'url', 'sharedSecret', 'credentials'. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationOpaExternalPolicyMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicyOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationOpaExternalPolicySharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Pattern-matching authorization rules. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationPatternMatching { + pub patterns: Vec, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationPatternMatchingPatterns { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationPatternMatchingPatternsOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorization decision delegated to external Authzed/SpiceDB server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedb { + /// Hostname and port number to the GRPC interface of the SpiceDB server (e.g. spicedb:50051). + pub endpoint: String, + /// Insecure HTTP connection (i.e. disables TLS verification) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub insecure: Option, + /// The name of the permission (or relation) on which to execute the check. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub permission: Option, + /// The resource on which to check the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resource: Option, + /// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// The subject that will be checked for the permission or relation. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub subject: Option, +} + +/// The name of the permission (or relation) on which to execute the check. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbPermission { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// The resource on which to check the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResource { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResourceKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbResourceName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to a Secret key whose value will be used by Authorino to authenticate with the Authzed service. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// The subject that will be checked for the permission or relation. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubject { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub kind: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubjectKind { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationSpicedbSubjectName { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesAuthorizationWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesAuthorizationWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Callback functions. +/// Authorino sends callbacks at the end of the auth pipeline to the endpoints specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacks { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// Settings of the external HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesCallbacksCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Settings of the external HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesCallbacksHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesCallbacksWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesCallbacksWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Metadata sources. +/// Authorino fetches auth metadata as JSON from sources specified in this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadata { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// External source of auth metadata via HTTP request + #[serde(default, skip_serializing_if = "Option::is_none")] + pub http: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// User-Managed Access (UMA) source of resource data. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub uma: Option, + /// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "userInfo")] + pub user_info: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesMetadataCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttp { + /// Raw body of the HTTP request. + /// Supersedes 'bodyParameters'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// Custom parameters to encode in the body of the HTTP request. + /// Superseded by 'body'; use either one or the other. + /// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). + #[serde(default, skip_serializing_if = "Option::is_none", rename = "bodyParameters")] + pub body_parameters: Option>, + /// Content-Type of the request body. Shapes how 'bodyParameters' are encoded. + /// Use it with method=POST; for GET requests, Content-Type is automatically set to 'text/plain'. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "contentType")] + pub content_type: Option, + /// Defines where client credentials will be passed in the request to the service. + /// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub credentials: Option, + /// Custom headers in the HTTP request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP verb used in the request to the service. Accepted values: GET (default), POST. + /// When the request method is POST, the authorization JSON is passed in the body of the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub method: Option, + /// Authentication with the HTTP service by OAuth2 Client Credentials grant. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub oauth2: Option, + /// Reference to a Secret key whose value will be passed by Authorino in the request. + /// The HTTP service can use the shared secret to authenticate the origin of the request. + /// Ignored if used together with oauth2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sharedSecretRef")] + pub shared_secret_ref: Option, + /// Endpoint URL of the HTTP service. + /// The value can include variable placeholders in the format "{selector}", where "selector" is any pattern supported + /// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON. + /// E.g. https://ext-auth-server.io/metadata?p={request.path} + #[serde(default, skip_serializing_if = "Option::is_none")] + pub url: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "urlExpression")] + pub url_expression: Option, +} + +/// Raw body of the HTTP request. +/// Supersedes 'bodyParameters'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Custom parameters to encode in the body of the HTTP request. +/// Superseded by 'body'; use either one or the other. +/// Use it with method=POST; for GET requests, set parameters as query string in the 'endpoint' (placeholders can be used). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpBodyParameters { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataHttpContentType { + #[serde(rename = "application/x-www-form-urlencoded")] + ApplicationXWwwFormUrlencoded, + #[serde(rename = "application/json")] + ApplicationJson, +} + +/// Defines where client credentials will be passed in the request to the service. +/// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentials { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "authorizationHeader")] + pub authorization_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cookie: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customHeader")] + pub custom_header: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryString")] + pub query_string: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsAuthorizationHeader { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub prefix: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsCookie { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsCustomHeader { + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpCredentialsQueryString { + pub name: String, +} + +/// Custom headers in the HTTP request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// External source of auth metadata via HTTP request +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataHttpMethod { + #[serde(rename = "GET")] + Get, + #[serde(rename = "POST")] + Post, + #[serde(rename = "PUT")] + Put, + #[serde(rename = "PATCH")] + Patch, + #[serde(rename = "DELETE")] + Delete, + #[serde(rename = "HEAD")] + Head, + #[serde(rename = "OPTIONS")] + Options, + #[serde(rename = "CONNECT")] + Connect, + #[serde(rename = "TRACE")] + Trace, +} + +/// Authentication with the HTTP service by OAuth2 Client Credentials grant. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpOauth2 { + /// Caches and reuses the token until expired. + /// Set it to false to force fetch the token at every authorization request regardless of expiration. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// OAuth2 Client ID. + #[serde(rename = "clientId")] + pub client_id: String, + /// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. + #[serde(rename = "clientSecretRef")] + pub client_secret_ref: AuthPolicyRulesMetadataHttpOauth2ClientSecretRef, + /// Optional extra parameters for the requests to the token URL. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "extraParams")] + pub extra_params: Option>, + /// Optional scopes for the client credentials grant, if supported by he OAuth2 server. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub scopes: Option>, + /// Token endpoint URL of the OAuth2 resource server. + #[serde(rename = "tokenUrl")] + pub token_url: String, +} + +/// Reference to a Kuberentes Secret key that stores that OAuth2 Client Secret. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpOauth2ClientSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// Reference to a Secret key whose value will be passed by Authorino in the request. +/// The HTTP service can use the shared secret to authenticate the origin of the request. +/// Ignored if used together with oauth2. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataHttpSharedSecretRef { + /// The key of the secret to select from. Must be a valid secret key. + pub key: String, + /// The name of the secret in the Authorino's namespace to select from. + pub name: String, +} + +/// User-Managed Access (UMA) source of resource data. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUma { + /// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. + #[serde(rename = "credentialsRef")] + pub credentials_ref: AuthPolicyRulesMetadataUmaCredentialsRef, + /// The endpoint of the UMA server. + /// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint. + pub endpoint: String, +} + +/// Reference to a Kubernetes secret in the same namespace, that stores client credentials to the resource registration API of the UMA server. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUmaCredentialsRef { + /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + +/// OpendID Connect UserInfo linked to an OIDC authentication config specified in this same AuthConfig. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataUserInfo { + /// The name of an OIDC-enabled JWT authentication config whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim. + #[serde(rename = "identitySource")] + pub identity_source: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesMetadataWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesMetadataWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Response items. +/// Authorino builds custom responses to the client of the auth request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponse { + /// Response items to be included in the auth response when the request is authenticated and authorized. + /// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub success: Option, + /// Customizations on the denial status attributes when the request is unauthenticated. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 401 Unauthorized + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthenticated: Option, + /// Customizations on the denial status attributes when the request is unauthorized. + /// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. + /// Default: 403 Forbidden + #[serde(default, skip_serializing_if = "Option::is_none")] + pub unauthorized: Option, +} + +/// Response items to be included in the auth response when the request is authenticated and authorized. +/// For integration of Authorino via proxy, the proxy must use these settings to propagate dynamic metadata and/or inject data in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccess { + /// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filters: Option>, + /// Custom headers to inject in the request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, +} + +/// Custom data made available to other filters managed by Kuadrant (i.e. Rate Limit) +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFilters { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesResponseSuccessFiltersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessFiltersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessFiltersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Custom headers to inject in the request. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeaders { + /// Caching options for the resolved object returned when applying this config. + /// Omit it to avoid caching objects for this config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub cache: Option, + /// JSON object + /// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub json: Option, + /// The key used to add the custom response item (name of the HTTP header or root property of the Dynamic Metadata object). + /// If omitted, it will be set to the name of the response config. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + /// Whether this config should generate individual observability metrics + #[serde(default, skip_serializing_if = "Option::is_none")] + pub metrics: Option, + /// Plain text content + #[serde(default, skip_serializing_if = "Option::is_none")] + pub plain: Option, + /// Priority group of the config. + /// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub priority: Option, + /// Conditions for Authorino to enforce this config. + /// If omitted, the config will be enforced for all requests. + /// If present, all conditions must match for the config to be enforced; otherwise, the config will be skipped. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, + /// Authorino Festival Wristband token + #[serde(default, skip_serializing_if = "Option::is_none")] + pub wristband: Option, +} + +/// Caching options for the resolved object returned when applying this config. +/// Omit it to avoid caching objects for this config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersCache { + /// Key used to store the entry in the cache. + /// The resolved key must be unique within the scope of this particular config. + pub key: AuthPolicyRulesResponseSuccessHeadersCacheKey, + /// Duration (in seconds) of the external data in the cache before pulled again from the source. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub ttl: Option, +} + +/// Key used to store the entry in the cache. +/// The resolved key must be unique within the scope of this particular config. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersCacheKey { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// JSON object +/// Specify it as the list of properties of the object, whose values can combine static values and values selected from the authorization JSON. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersJson { + pub properties: BTreeMap, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersJsonProperties { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Plain text content +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersPlain { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWhen { + /// A list of pattern expressions to be evaluated as a logical AND. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub all: Option>, + /// A list of pattern expressions to be evaluated as a logical OR. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub any: Option>, + /// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value". + /// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex) + #[serde(default, skip_serializing_if = "Option::is_none")] + pub operator: Option, + /// Reference to a named set of pattern expressions + #[serde(default, skip_serializing_if = "Option::is_none", rename = "patternRef")] + pub pattern_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub predicate: Option, + /// Path selector to fetch content from the authorization JSON (e.g. 'request.method'). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// Authorino custom JSON path modifiers are also supported. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// The value of reference for the comparison with the content fetched from the authorization JSON. + /// If used with the "matches" operator, the value must compile to a valid Golang regex. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessHeadersWhenOperator { + #[serde(rename = "eq")] + Eq, + #[serde(rename = "neq")] + Neq, + #[serde(rename = "incl")] + Incl, + #[serde(rename = "excl")] + Excl, + #[serde(rename = "matches")] + Matches, +} + +/// Authorino Festival Wristband token +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristband { + /// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "customClaims")] + pub custom_claims: Option>, + /// The endpoint to the Authorino service that issues the wristband (format: ://:/, where = /, + /// Time span of the wristband token, in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "tokenDuration")] + pub token_duration: Option, +} + +/// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristbandCustomClaims { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefs { + /// Algorithm to sign the wristband token using the signing key provided + pub algorithm: AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm, + /// Name of the signing key. + /// The value is used to reference the Kubernetes secret that stores the key and in the `kid` claim of the wristband token header. + pub name: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum AuthPolicyRulesResponseSuccessHeadersWristbandSigningKeyRefsAlgorithm { + #[serde(rename = "ES256")] + Es256, + #[serde(rename = "ES384")] + Es384, + #[serde(rename = "ES512")] + Es512, + #[serde(rename = "RS256")] + Rs256, + #[serde(rename = "RS384")] + Rs384, + #[serde(rename = "RS512")] + Rs512, +} + +/// Customizations on the denial status attributes when the request is unauthenticated. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 401 Unauthorized +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticated { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthenticatedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Customizations on the denial status attributes when the request is unauthorized. +/// For integration of Authorino via proxy, the proxy must honour the response status attributes specified in this config. +/// Default: 403 Forbidden +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorized { + /// HTTP response body to override the default denial body. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub body: Option, + /// HTTP status code to override the default denial status code. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub code: Option, + /// HTTP response headers to override the default denial headers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub headers: Option>, + /// HTTP message to override the default denial message. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub message: Option, +} + +/// HTTP response body to override the default denial body. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedBody { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP response headers to override the default denial headers. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedHeaders { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// HTTP message to override the default denial message. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyRulesResponseUnauthorizedMessage { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub expression: Option, + /// Simple path selector to fetch content from the authorization JSON (e.g. 'request.method') or a string template with variables that resolve to patterns (e.g. "Hello, {auth.identity.name}!"). + /// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson can be used. + /// The following Authorino custom modifiers are supported: @extract:{sep:" ",pos:0}, @replace{old:"",new:""}, @case:upper|lower, @base64:encode|decode and @strip. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub selector: Option, + /// Static value + #[serde(default, skip_serializing_if = "Option::is_none")] + pub value: Option, +} + +/// Reference to the object to which this policy applies. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// SectionName is the name of a section within the target resource. When + /// unspecified, this targetRef targets the entire resource. In the following + /// resources, SectionName is interpreted as the following: + /// + /// * Gateway: Listener name + /// * HTTPRoute: HTTPRouteRule name + /// * Service: Port name + /// + /// If a SectionName is specified, but does not exist on the targeted object, + /// the Policy must fail to attach, and the policy implementation should record + /// a `ResolvedRefs` or similar Condition in the Policy's status. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] + pub section_name: Option, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyWhen { + pub predicate: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct AuthPolicyStatus { + /// Represents the observations of a foo's current state. + /// Known .status.conditions.type are: "Available" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// ObservedGeneration reflects the generation of the most recently observed spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, +} + diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs new file mode 100644 index 000000000..0c781fc75 --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/mod.rs @@ -0,0 +1,2 @@ +pub mod authpolicies; +pub mod ratelimitpolicies; diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs b/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs new file mode 100644 index 000000000..c58788913 --- /dev/null +++ b/kube-custom-resources-rs/src/kuadrant_io/v1/ratelimitpolicies.rs @@ -0,0 +1,272 @@ +// WARNING: generated by kopium - manual changes will be overwritten +// kopium command: kopium --docs --filename=./crd-catalog/Kuadrant/kuadrant-operator/kuadrant.io/v1/ratelimitpolicies.yaml --derive=Default --derive=PartialEq --smart-derive-elision +// kopium version: 0.21.1 + +#[allow(unused_imports)] +mod prelude { + pub use kube::CustomResource; + pub use serde::{Serialize, Deserialize}; + pub use std::collections::BTreeMap; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; +} +use self::prelude::*; + +#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +#[kube(group = "kuadrant.io", version = "v1", kind = "RateLimitPolicy", plural = "ratelimitpolicies")] +#[kube(namespaced)] +#[kube(status = "RateLimitPolicyStatus")] +#[kube(schema = "disabled")] +#[kube(derive="Default")] +#[kube(derive="PartialEq")] +pub struct RateLimitPolicySpec { + /// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub defaults: Option, + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. + /// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). + #[serde(default, skip_serializing_if = "Option::is_none")] + pub overrides: Option, + /// Reference to the object to which this policy applies. + #[serde(rename = "targetRef")] + pub target_ref: RateLimitPolicyTargetRef, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaults { + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as defaults. Can be overridden by more specific policiy rules lower in the hierarchy and by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RateLimitPolicyDefaultsStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyDefaultsWhen { + pub predicate: String, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverrides { + /// Limits holds the struct of limits indexed by a unique name + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Strategy defines the merge strategy to apply when merging this policy with other policies. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub strategy: Option, + /// Overall conditions for the policy to be enforced. + /// If omitted, the policy will be enforced at all requests to the protected routes. + /// If present, all conditions must match for the policy to be enforced. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +/// Limits holds the struct of limits indexed by a unique name +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimits { + /// Counters defines additional rate limit counters based on CEL expressions which can reference well known selectors + #[serde(default, skip_serializing_if = "Option::is_none")] + pub counters: Option>, + /// Rates holds the list of limit rates + #[serde(default, skip_serializing_if = "Option::is_none")] + pub rates: Option>, + /// When holds a list of "limit-level" `Predicate`s + /// Called also "soft" conditions as route selectors must also match + #[serde(default, skip_serializing_if = "Option::is_none")] + pub when: Option>, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsCounters { + /// Expression defines one CEL expression + /// Expression can use well known attributes + /// Attributes: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes + /// Well-known selectors: https://github.com/Kuadrant/architecture/blob/main/rfcs/0001-rlp-v2.md#well-known-selectors + /// They are named by a dot-separated path (e.g. request.path) + /// Example: "request.path" -> The path portion of the URL + pub expression: String, +} + +/// Rate defines the actual rate limit that will be used when there is a match +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsRates { + /// Limit defines the max value allowed for a given period of time + pub limit: i64, + /// Window defines the time period for which the Limit specified above applies. + pub window: String, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesLimitsWhen { + pub predicate: String, +} + +/// Rules to apply as overrides. Override all policy rules lower in the hierarchy. Can be overridden by less specific policy overrides. +/// Use one of: defaults, overrides, or bare set of policy rules (implicit defaults). +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum RateLimitPolicyOverridesStrategy { + #[serde(rename = "atomic")] + Atomic, + #[serde(rename = "merge")] + Merge, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyOverridesWhen { + pub predicate: String, +} + +/// Reference to the object to which this policy applies. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyTargetRef { + /// Group is the group of the target resource. + pub group: String, + /// Kind is kind of the target resource. + pub kind: String, + /// Name is the name of the target resource. + pub name: String, + /// SectionName is the name of a section within the target resource. When + /// unspecified, this targetRef targets the entire resource. In the following + /// resources, SectionName is interpreted as the following: + /// + /// * Gateway: Listener name + /// * HTTPRoute: HTTPRouteRule name + /// * Service: Port name + /// + /// If a SectionName is specified, but does not exist on the targeted object, + /// the Policy must fail to attach, and the policy implementation should record + /// a `ResolvedRefs` or similar Condition in the Policy's status. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "sectionName")] + pub section_name: Option, +} + +/// Predicate defines one CEL expression that must be evaluated to bool +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyWhen { + pub predicate: String, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct RateLimitPolicyStatus { + /// Represents the observations of a foo's current state. + /// Known .status.conditions.type are: "Available" + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// ObservedGeneration reflects the generation of the most recently observed spec. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, +} + diff --git a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs index 0d8afe865..e9de2e781 100644 --- a/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs +++ b/kube-custom-resources-rs/src/kuadrant_io/v1alpha1/dnsrecords.rs @@ -87,9 +87,11 @@ pub struct DNSRecordHealthCheck { #[serde(default, skip_serializing_if = "Option::is_none", rename = "additionalHeadersRef")] pub additional_headers_ref: Option, /// FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy + /// Defaults to 5 #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureThreshold")] pub failure_threshold: Option, /// Interval defines how frequently this probe should execute + /// Defaults to 5 minutes #[serde(default, skip_serializing_if = "Option::is_none")] pub interval: Option, /// Path is the path to append to the host to reach the expected health check. @@ -97,9 +99,11 @@ pub struct DNSRecordHealthCheck { #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, /// Port to connect to the host on. Must be either 80, 443 or 1024-49151 + /// Defaults to port 443 #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, /// Protocol to use when connecting to the host, valid values are "HTTP" or "HTTPS" + /// Defaults to HTTPS #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, } diff --git a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs index c9891a258..65365db8a 100644 --- a/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs +++ b/kube-custom-resources-rs/src/kube_green_com/v1alpha1/sleepinfos.rs @@ -44,8 +44,8 @@ pub struct SleepInfoSpec { #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendDeployments")] pub suspend_deployments: Option, /// If SuspendStatefulSets is set to false, on sleep the statefulset of the namespace will not be suspended. By default StatefulSet will be suspended. - #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendStatefulsets")] - pub suspend_statefulsets: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "suspendStatefulSets")] + pub suspend_stateful_sets: Option, /// Time zone to set the schedule, in IANA time zone identifier. /// It is not required, default to UTC. /// For example, for the Italy time zone set Europe/Rome. diff --git a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/workloads.rs b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/workloads.rs index ba96ec53f..63a429388 100644 --- a/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/workloads.rs +++ b/kube-custom-resources-rs/src/kueue_x_k8s_io/v1beta1/workloads.rs @@ -6890,6 +6890,13 @@ pub struct WorkloadPodSetsTemplateSpecVolumesVsphereVolume { /// topologyRequest defines the topology request for the PodSet. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct WorkloadPodSetsTopologyRequest { + /// PodIndexLabel indicates the name of the label indexing the pods. + /// For example, in the context of + /// - kubernetes job this is: kubernetes.io/job-completion-index + /// - JobSet: kubernetes.io/job-completion-index (inherited from Job) + /// - Kubeflow: training.kubeflow.org/replica-index + #[serde(default, skip_serializing_if = "Option::is_none", rename = "podIndexLabel")] + pub pod_index_label: Option, /// preferred indicates the topology level preferred by the PodSet, as /// indicated by the `kueue.x-k8s.io/podset-preferred-topology` PodSet /// annotation. @@ -6900,6 +6907,14 @@ pub struct WorkloadPodSetsTopologyRequest { /// annotation. #[serde(default, skip_serializing_if = "Option::is_none")] pub required: Option, + /// SubGroupIndexLabel indicates the count of replicated Jobs (groups) within a PodSet. + /// For example, in the context of JobSet this value is read from jobset.sigs.k8s.io/replicatedjob-replicas. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subGroupCount")] + pub sub_group_count: Option, + /// SubGroupIndexLabel indicates the name of the label indexing the instances of replicated Jobs (groups) + /// within a PodSet. For example, in the context of JobSet this is jobset.sigs.k8s.io/job-index. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "subGroupIndexLabel")] + pub sub_group_index_label: Option, } /// WorkloadSpec defines the desired state of Workload @@ -6994,7 +7009,9 @@ pub struct WorkloadStatusAdmissionPodSetAssignments { /// domain and specifies the node selectors for each topology domain, in the /// following way: the node selector keys are specified by the levels field /// (same for all domains), and the corresponding node selector value is - /// specified by the domains.values subfield. + /// specified by the domains.values subfield. If the TopologySpec.Levels field contains + /// "kubernetes.io/hostname" label, topologyAssignment will contain data only for + /// this label, and omit higher levels in the topology /// /// Example: /// @@ -7015,6 +7032,21 @@ pub struct WorkloadStatusAdmissionPodSetAssignments { /// - 2 Pods are to be scheduled on nodes matching the node selector: /// cloud.provider.com/topology-block: block-1 /// cloud.provider.com/topology-rack: rack-2 + /// + /// Example: + /// Below there is an equivalent of the above example assuming, Topology + /// object defines kubernetes.io/hostname as the lowest level in topology. + /// Hence we omit higher level of topologies, since the hostname label + /// is sufficient to explicitly identify a proper node. + /// + /// topologyAssignment: + /// levels: + /// - kubernetes.io/hostname + /// domains: + /// - values: [hostname-1] + /// count: 4 + /// - values: [hostname-2] + /// count: 2 #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologyAssignment")] pub topology_assignment: Option, } @@ -7025,7 +7057,9 @@ pub struct WorkloadStatusAdmissionPodSetAssignments { /// domain and specifies the node selectors for each topology domain, in the /// following way: the node selector keys are specified by the levels field /// (same for all domains), and the corresponding node selector value is -/// specified by the domains.values subfield. +/// specified by the domains.values subfield. If the TopologySpec.Levels field contains +/// "kubernetes.io/hostname" label, topologyAssignment will contain data only for +/// this label, and omit higher levels in the topology /// /// Example: /// @@ -7046,6 +7080,21 @@ pub struct WorkloadStatusAdmissionPodSetAssignments { /// - 2 Pods are to be scheduled on nodes matching the node selector: /// cloud.provider.com/topology-block: block-1 /// cloud.provider.com/topology-rack: rack-2 +/// +/// Example: +/// Below there is an equivalent of the above example assuming, Topology +/// object defines kubernetes.io/hostname as the lowest level in topology. +/// Hence we omit higher level of topologies, since the hostname label +/// is sufficient to explicitly identify a proper node. +/// +/// topologyAssignment: +/// levels: +/// - kubernetes.io/hostname +/// domains: +/// - values: [hostname-1] +/// count: 4 +/// - values: [hostname-2] +/// count: 2 #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct WorkloadStatusAdmissionPodSetAssignmentsTopologyAssignment { /// domains is a list of topology assignments split by topology domains at diff --git a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs index b54617b36..afc884e90 100644 --- a/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs +++ b/kube-custom-resources-rs/src/kuma_io/v1alpha1/meshloadbalancingstrategies.rs @@ -243,6 +243,7 @@ pub struct MeshLoadBalancingStrategyToDefaultLoadBalancerMaglevHashPoliciesQuery pub enum MeshLoadBalancingStrategyToDefaultLoadBalancerMaglevHashPoliciesType { Header, Cookie, + Connection, #[serde(rename = "SourceIP")] SourceIp, QueryParameter, @@ -361,6 +362,7 @@ pub struct MeshLoadBalancingStrategyToDefaultLoadBalancerRingHashHashPoliciesQue pub enum MeshLoadBalancingStrategyToDefaultLoadBalancerRingHashHashPoliciesType { Header, Cookie, + Connection, #[serde(rename = "SourceIP")] SourceIp, QueryParameter, diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs index 6fdebf672..629fb492d 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/clusterpolicies.rs @@ -1794,11 +1794,11 @@ pub struct ClusterPolicyRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -1825,11 +1825,11 @@ pub struct ClusterPolicyRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a @@ -6077,11 +6077,11 @@ pub struct ClusterPolicyStatusAutogenRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -6108,11 +6108,11 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a diff --git a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs index 7ddfb1098..7db2f7834 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v1/policies.rs @@ -1795,11 +1795,11 @@ pub struct PolicyRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -1826,11 +1826,11 @@ pub struct PolicyRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a @@ -6078,11 +6078,11 @@ pub struct PolicyStatusAutogenRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -6109,11 +6109,11 @@ pub struct PolicyStatusAutogenRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs index 13fd8d41d..7b9c2e6a9 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/clusterpolicies.rs @@ -1495,11 +1495,11 @@ pub struct ClusterPolicyRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -1526,11 +1526,11 @@ pub struct ClusterPolicyRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a @@ -5937,11 +5937,11 @@ pub struct ClusterPolicyStatusAutogenRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -5968,11 +5968,11 @@ pub struct ClusterPolicyStatusAutogenRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a diff --git a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs index 69ba63440..b916f086f 100644 --- a/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs +++ b/kube-custom-resources-rs/src/kyverno_io/v2beta1/policies.rs @@ -1496,11 +1496,11 @@ pub struct PolicyRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -1527,11 +1527,11 @@ pub struct PolicyRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a @@ -5938,11 +5938,11 @@ pub struct PolicyStatusAutogenRulesMutate { pub mutate_existing_on_policy_update: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// Targets defines the target resources to be mutated. @@ -5969,11 +5969,11 @@ pub struct PolicyStatusAutogenRulesMutateForeach { pub order: Option, /// PatchStrategicMerge is a strategic merge patch used to modify resources. /// See https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/ - /// and https://kubectl.docs.kubernetes.io/references/kustomize/patchesstrategicmerge/. + /// and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchStrategicMerge")] pub patch_strategic_merge: Option, /// PatchesJSON6902 is a list of RFC 6902 JSON Patch declarations used to modify resources. - /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/patchesjson6902/. + /// See https://tools.ietf.org/html/rfc6902 and https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/. #[serde(default, skip_serializing_if = "Option::is_none", rename = "patchesJson6902")] pub patches_json6902: Option, /// AnyAllConditions are used to determine if a policy rule should be applied by evaluating a diff --git a/kube-custom-resources-rs/src/lib.rs b/kube-custom-resources-rs/src/lib.rs index 5ff673e2a..3e2090f79 100644 --- a/kube-custom-resources-rs/src/lib.rs +++ b/kube-custom-resources-rs/src/lib.rs @@ -1357,6 +1357,11 @@ apiVersion `groupsnapshot.storage.k8s.io/v1alpha1`: - `VolumeGroupSnapshotContent` - `VolumeGroupSnapshot` +apiVersion `groupsnapshot.storage.k8s.io/v1beta1`: +- `VolumeGroupSnapshotClass` +- `VolumeGroupSnapshotContent` +- `VolumeGroupSnapshot` + ## hazelcast_com apiVersion `hazelcast.com/v1alpha1`: @@ -1799,6 +1804,10 @@ apiVersion `kms.services.k8s.aws/v1alpha1`: ## kuadrant_io +apiVersion `kuadrant.io/v1`: +- `AuthPolicy` +- `RateLimitPolicy` + apiVersion `kuadrant.io/v1alpha1`: - `DNSRecord` - `ManagedZone` diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs index ac7f23ff0..004650774 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusterflows.rs @@ -46,8 +46,6 @@ pub struct ClusterFlowFilters { pub detect_exceptions: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch_genid: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enhanceK8s")] - pub enhance_k8s: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub geoip: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -65,8 +63,6 @@ pub struct ClusterFlowFilters { #[serde(default, skip_serializing_if = "Option::is_none")] pub stdout: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub tag_normaliser: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, @@ -166,164 +162,6 @@ pub struct ClusterFlowFiltersElasticsearchGenid { pub use_record_as_seed: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8s { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub api_groups: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bearer_token_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh_variation: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_ttl: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_cert: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub core_api_versions: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_namespace_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_pod_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubernetes_url: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret_dir: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ssl_partial_chain: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFile { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCert { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKey { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterFlowFiltersGeoip { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -929,62 +767,6 @@ pub struct ClusterFlowFiltersStdout { pub output_type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_value: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_container_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_facility_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_host_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_namespace_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_pod_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_priority_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_unit_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_replace_dash: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_annotation_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_container_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_label_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod_id: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterFlowFiltersTagNormaliser { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusteroutputs.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusteroutputs.rs index a8e31e378..43ec5ba13 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/clusteroutputs.rs @@ -77,8 +77,6 @@ pub struct ClusterOutputSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub sqs: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub syslog: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "vmwareLogInsight")] pub vmware_log_insight: Option, @@ -7253,164 +7251,6 @@ pub struct ClusterOutputSqsBuffer { pub r#type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub add_timestamp: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub buffer: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress_encoding: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_dimensions: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_fields: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delimiter: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_cookies: Option, - pub endpoint: ClusterOutputSumologicEndpoint, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub metric_data_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub open_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub proxy_uri: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub slow_flush_log_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - pub source_name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumo_client: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timestamp_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicBuffer { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_full_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_records: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delayed_commit_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_chunk_backup: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disabled: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_at_shutdown: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_mode: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_burst_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_count: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub overflow_action: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queue_limit_length: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queued_chunks_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_exponential_backoff_base: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_forever: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_times: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_randomize: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_secondary_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_use_utc: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_zone: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub total_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpoint { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOutputSyslog { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs index 28bd8836e..4ad5106d7 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/flows.rs @@ -48,8 +48,6 @@ pub struct FlowFilters { pub detect_exceptions: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch_genid: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enhanceK8s")] - pub enhance_k8s: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub geoip: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -67,8 +65,6 @@ pub struct FlowFilters { #[serde(default, skip_serializing_if = "Option::is_none")] pub stdout: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub tag_normaliser: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, @@ -168,164 +164,6 @@ pub struct FlowFiltersElasticsearchGenid { pub use_record_as_seed: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8s { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub api_groups: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bearer_token_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh_variation: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_ttl: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_cert: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub core_api_versions: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_namespace_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_pod_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubernetes_url: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret_dir: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ssl_partial_chain: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFile { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCert { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKey { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowFiltersGeoip { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -931,62 +769,6 @@ pub struct FlowFiltersStdout { pub output_type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_value: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_container_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_facility_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_host_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_namespace_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_pod_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_priority_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_unit_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_replace_dash: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_annotation_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_container_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_label_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod_id: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowFiltersTagNormaliser { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/outputs.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/outputs.rs index 4d964a742..289e4e68e 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/outputs.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1alpha1/outputs.rs @@ -69,8 +69,6 @@ pub struct OutputSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub sqs: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub syslog: Option, } @@ -6874,164 +6872,6 @@ pub struct OutputSqsBuffer { pub r#type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub add_timestamp: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub buffer: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress_encoding: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_dimensions: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_fields: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delimiter: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_cookies: Option, - pub endpoint: OutputSumologicEndpoint, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub metric_data_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub open_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub proxy_uri: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub slow_flush_log_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - pub source_name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumo_client: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timestamp_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicBuffer { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_full_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_records: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delayed_commit_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_chunk_backup: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disabled: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_at_shutdown: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_mode: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_burst_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_count: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub overflow_action: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queue_limit_length: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queued_chunks_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_exponential_backoff_base: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_forever: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_times: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_randomize: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_secondary_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_use_utc: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_zone: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub total_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpoint { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OutputSyslog { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs index ad6561fec..5890aa467 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusterflows.rs @@ -46,8 +46,6 @@ pub struct ClusterFlowFilters { pub detect_exceptions: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch_genid: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enhanceK8s")] - pub enhance_k8s: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub geoip: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -65,8 +63,6 @@ pub struct ClusterFlowFilters { #[serde(default, skip_serializing_if = "Option::is_none")] pub stdout: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub tag_normaliser: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, @@ -166,164 +162,6 @@ pub struct ClusterFlowFiltersElasticsearchGenid { pub use_record_as_seed: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8s { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub api_groups: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bearer_token_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh_variation: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_ttl: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_cert: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub core_api_versions: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_namespace_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_pod_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubernetes_url: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret_dir: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ssl_partial_chain: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFile { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sCaFileValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCert { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientCertValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKey { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersEnhanceK8sClientKeyValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterFlowFiltersGeoip { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -929,62 +767,6 @@ pub struct ClusterFlowFiltersStdout { pub output_type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterFlowFiltersSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_value: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_container_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_facility_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_host_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_namespace_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_pod_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_priority_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_unit_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_replace_dash: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_annotation_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_container_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_label_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod_id: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterFlowFiltersTagNormaliser { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusteroutputs.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusteroutputs.rs index 03f74d74e..d62a3cf29 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusteroutputs.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/clusteroutputs.rs @@ -77,8 +77,6 @@ pub struct ClusterOutputSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub sqs: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub syslog: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "vmwareLogInsight")] pub vmware_log_insight: Option, @@ -7253,164 +7251,6 @@ pub struct ClusterOutputSqsBuffer { pub r#type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub add_timestamp: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub buffer: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress_encoding: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_dimensions: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_fields: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delimiter: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_cookies: Option, - pub endpoint: ClusterOutputSumologicEndpoint, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub metric_data_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub open_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub proxy_uri: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub slow_flush_log_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - pub source_name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumo_client: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timestamp_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicBuffer { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_full_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_records: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delayed_commit_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_chunk_backup: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disabled: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_at_shutdown: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_mode: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_burst_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_count: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub overflow_action: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queue_limit_length: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queued_chunks_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_exponential_backoff_base: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_forever: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_times: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_randomize: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_secondary_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_use_utc: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_zone: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub total_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpoint { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct ClusterOutputSumologicEndpointValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOutputSyslog { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs index 30bd4a275..bd12d6ae9 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/flows.rs @@ -48,8 +48,6 @@ pub struct FlowFilters { pub detect_exceptions: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub elasticsearch_genid: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "enhanceK8s")] - pub enhance_k8s: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub geoip: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -67,8 +65,6 @@ pub struct FlowFilters { #[serde(default, skip_serializing_if = "Option::is_none")] pub stdout: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub tag_normaliser: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub throttle: Option, @@ -168,164 +164,6 @@ pub struct FlowFiltersElasticsearchGenid { pub use_record_as_seed: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8s { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub api_groups: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub bearer_token_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ca_file: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_refresh_variation: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub cache_ttl: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_cert: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub client_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub core_api_versions: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_namespace_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub in_pod_path: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub kubernetes_url: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub secret_dir: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub ssl_partial_chain: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFile { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sCaFileValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCert { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientCertValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKey { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersEnhanceK8sClientKeyValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowFiltersGeoip { #[serde(default, skip_serializing_if = "Option::is_none")] @@ -931,62 +769,6 @@ pub struct FlowFiltersStdout { pub output_type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct FlowFiltersSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub collector_value: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_container_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_facility_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_host_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_namespace_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_pod_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_priority_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub exclude_unit_regex: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category_replace_dash: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_annotation_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_container_name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_host: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_label_prefix: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_namespace: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tracing_pod_id: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct FlowFiltersTagNormaliser { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/outputs.rs b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/outputs.rs index d186736ad..c1a33f22e 100644 --- a/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/outputs.rs +++ b/kube-custom-resources-rs/src/logging_banzaicloud_io/v1beta1/outputs.rs @@ -73,8 +73,6 @@ pub struct OutputSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub sqs: Option, #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumologic: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] pub syslog: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "vmwareLogInsight")] pub vmware_log_insight: Option, @@ -7249,164 +7247,6 @@ pub struct OutputSqsBuffer { pub r#type: Option, } -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologic { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub add_timestamp: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub buffer: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress_encoding: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_dimensions: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub custom_fields: Option>, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub data_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delimiter: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_cookies: Option, - pub endpoint: OutputSumologicEndpoint, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub log_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub metric_data_format: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub open_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub proxy_uri: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub slow_flush_log_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_category: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_host: Option, - pub source_name: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub source_name_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub sumo_client: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timestamp_key: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub verify_ssl: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicBuffer { - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_full_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_records: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub chunk_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub compress: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub delayed_commit_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disable_chunk_backup: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub disabled: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_at_shutdown: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_mode: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_burst_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_count: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub flush_thread_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub overflow_action: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub path: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queue_limit_length: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub queued_chunks_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_exponential_backoff_base: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_forever: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_interval: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_max_times: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_randomize: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_secondary_threshold: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_timeout: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_type: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub retry_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub tags: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_use_utc: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_wait: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub timekey_zone: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub total_limit_size: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] - pub r#type: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpoint { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "mountFrom")] - pub mount_from: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option, - #[serde(default, skip_serializing_if = "Option::is_none", rename = "valueFrom")] - pub value_from: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointMountFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointMountFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointValueFrom { - #[serde(default, skip_serializing_if = "Option::is_none", rename = "secretKeyRef")] - pub secret_key_ref: Option, -} - -#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] -pub struct OutputSumologicEndpointValueFromSecretKeyRef { - pub key: String, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, - #[serde(default, skip_serializing_if = "Option::is_none")] - pub optional: Option, -} - #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OutputSyslog { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/logging_extensions_banzaicloud_io/v1alpha1/hosttailers.rs b/kube-custom-resources-rs/src/logging_extensions_banzaicloud_io/v1alpha1/hosttailers.rs index 66aadff9e..35dc09ce9 100644 --- a/kube-custom-resources-rs/src/logging_extensions_banzaicloud_io/v1alpha1/hosttailers.rs +++ b/kube-custom-resources-rs/src/logging_extensions_banzaicloud_io/v1alpha1/hosttailers.rs @@ -26,8 +26,8 @@ pub struct HostTailerSpec { pub image: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "systemdTailers")] pub systemd_tailers: Option>, - #[serde(rename = "workloadMetaOverrides")] - pub workload_meta_overrides: HostTailerWorkloadMetaOverrides, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "workloadMetaOverrides")] + pub workload_meta_overrides: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "workloadOverrides")] pub workload_overrides: Option, } diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs index ec5cc9183..2930ae8f1 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/podmonitors.rs @@ -96,6 +96,11 @@ pub struct PodMonitorSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -210,11 +215,14 @@ pub struct PodMonitorPodMetricsEndpoints { /// If empty, Prometheus uses the default value (e.g. `/metrics`). #[serde(default, skip_serializing_if = "Option::is_none")] pub path: Option, - /// Name of the Pod port which this endpoint refers to. + /// The `Pod` port name which exposes the endpoint. /// - /// It takes precedence over `targetPort`. + /// It takes precedence over the `portNumber` and `targetPort` fields. #[serde(default, skip_serializing_if = "Option::is_none")] pub port: Option, + /// The `Pod` port number which exposes the endpoint. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] + pub port_number: Option, /// `proxyURL` configures the HTTP Proxy URL (e.g. /// "http://proxyserver:2195") to go through when scraping the target. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] @@ -246,7 +254,7 @@ pub struct PodMonitorPodMetricsEndpoints { /// Name or number of the target port of the `Pod` object behind the Service, the /// port must be specified with container port property. /// - /// Deprecated: use 'port' instead. + /// Deprecated: use 'port' or 'portNumber' instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetPort")] pub target_port: Option, /// TLS configuration to use when scraping the target. @@ -1025,6 +1033,20 @@ pub enum PodMonitorPodMetricsEndpointsTlsConfigMinVersion { Tls13, } +/// Specification of desired Pod selection for target discovery by Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PodMonitorScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Label selector to select the Kubernetes `Pod` objects to scrape metrics from. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PodMonitorSelector { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs index f60c6dd3f..4667e1d43 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/probes.rs @@ -91,6 +91,11 @@ pub struct ProbeSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -632,6 +637,20 @@ pub enum ProbeProberScheme { Https, } +/// Specification of desired Ingress selection for target discovery by Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ProbeScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Targets defines a set of static or dynamically discovered targets to probe. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ProbeTargets { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs index 63a7a273d..9a381c937 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/prometheuses.rs @@ -151,6 +151,8 @@ pub struct PrometheusSpec { #[serde(default, skip_serializing_if = "Option::is_none")] pub containers: Option>, /// When true, the Prometheus compaction is disabled. + /// When `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically + /// disables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends). #[serde(default, skip_serializing_if = "Option::is_none", rename = "disableCompaction")] pub disable_compaction: Option, /// Defines the DNS configuration for the pods. @@ -179,6 +181,13 @@ pub struct PrometheusSpec { /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, + /// Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. + /// + /// Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + /// + /// It requires Prometheus >= v2.47.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableOTLPReceiver")] + pub enable_otlp_receiver: Option, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// @@ -441,6 +450,9 @@ pub struct PrometheusSpec { /// enabling the StatefulSetMinReadySeconds feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "minReadySeconds")] pub min_ready_seconds: Option, + /// Specifies the validation scheme for metric and label names. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nameValidationScheme")] + pub name_validation_scheme: Option, /// Defines on which Nodes the Pods are scheduled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -664,6 +676,11 @@ pub struct PrometheusSpec { /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// Interval between consecutive scrapes. /// /// Default: "30s" @@ -675,6 +692,8 @@ pub struct PrometheusSpec { /// If unset, Prometheus uses its default value. /// /// It requires Prometheus >= v2.49.0. + /// + /// `PrometheusText1.0.0` requires Prometheus >= v3.0.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, /// Number of seconds to wait until a scrape request times out. @@ -722,19 +741,28 @@ pub struct PrometheusSpec { /// Deprecated: use 'spec.image' instead. The image's digest can be specified as part of the image name. #[serde(default, skip_serializing_if = "Option::is_none")] pub sha: Option, - /// Number of shards to distribute targets onto. `spec.replicas` - /// multiplied by `spec.shards` is the total number of Pods created. + /// Number of shards to distribute scraped targets onto. + /// + /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods + /// being created. + /// + /// When not defined, the operator assumes only one shard. /// - /// Note that scaling down shards will not reshard data onto remaining + /// Note that scaling down shards will not reshard data onto the remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. + /// Alerting and recording rules /// - /// Sharding is performed on the content of the `__address__` target meta-label - /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. + /// By default, the sharding is performed on: + /// * The `__address__` target's metadata label for PodMonitor, + /// ServiceMonitor and ScrapeConfig resources. + /// * The `__param_target__` label for Probe resources. /// - /// Default: 1 + /// Users can define their own sharding implementation by setting the + /// `__tmp_hash` label during the target discovery with relabeling + /// configuration (either in the monitoring resources or via scrape class). #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, /// Storage defines the storage used by Prometheus. @@ -1614,9 +1642,10 @@ pub struct PrometheusAlertingAlertmanagers { #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertRelabelings")] pub alert_relabelings: Option>, /// Version of the Alertmanager API that Prometheus uses to send alerts. - /// It can be "v1" or "v2". + /// It can be "V1" or "V2". + /// The field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] - pub api_version: Option, + pub api_version: Option, /// Authorization section for Alertmanager. /// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. @@ -1763,6 +1792,20 @@ pub enum PrometheusAlertingAlertmanagersAlertRelabelingsAction { DropEqual, } +/// AlertmanagerEndpoints defines a selection of a single Endpoints object +/// containing Alertmanager IPs to fire alerts against. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAlertingAlertmanagersApiVersion { + #[serde(rename = "v1")] + V1, + #[serde(rename = "V1")] + V1X, + #[serde(rename = "v2")] + V2, + #[serde(rename = "V2")] + V2X, +} + /// Authorization section for Alertmanager. /// /// Cannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`. @@ -5080,6 +5123,15 @@ pub enum PrometheusLogLevel { Error, } +/// Specification of the desired behavior of the Prometheus cluster. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusNameValidationScheme { + #[serde(rename = "UTF8")] + Utf8, + Legacy, +} + /// Settings related to the OTLP receiver feature. /// It requires Prometheus >= v2.55.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -5087,6 +5139,21 @@ pub struct PrometheusOtlp { /// List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. #[serde(default, skip_serializing_if = "Option::is_none", rename = "promoteResourceAttributes")] pub promote_resource_attributes: Option>, + /// Configures how the OTLP receiver endpoint translates the incoming metrics. + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "translationStrategy")] + pub translation_strategy: Option, +} + +/// Settings related to the OTLP receiver feature. +/// It requires Prometheus >= v2.55.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusOtlpTranslationStrategy { + #[serde(rename = "NoUTF8EscapingWithSuffixes")] + NoUtf8EscapingWithSuffixes, + UnderscoreEscapingWithSuffixes, } /// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. @@ -7670,6 +7737,21 @@ pub struct PrometheusScrapeConfigSelectorMatchExpressions { pub values: Option>, } +/// Specification of the desired behavior of the Prometheus cluster. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// SecurityContext holds pod-level security attributes and common container settings. /// This defaults to the default PodSecurityContext. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs index 26516bf8a..119f9c547 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/servicemonitors.rs @@ -98,6 +98,11 @@ pub struct ServiceMonitorSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// `scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the /// protocols supported by Prometheus in order of preference (from most to least preferred). /// @@ -1043,6 +1048,21 @@ pub struct ServiceMonitorNamespaceSelector { pub match_names: Option>, } +/// Specification of desired Service selection for target discovery by +/// Prometheus. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ServiceMonitorScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// Label selector to select the Kubernetes `Endpoints` objects to scrape metrics from. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceMonitorSelector { diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs index 44d3d691b..7d0e3bc80 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1/thanosrulers.rs @@ -35,8 +35,10 @@ pub struct ThanosRulerSpec { /// If specified, the pod's scheduling constraints. #[serde(default, skip_serializing_if = "Option::is_none")] pub affinity: Option, - /// AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. - /// The replica label `thanos_ruler_replica` will always be dropped in alerts. + /// Configures the label names which should be dropped in Thanos Ruler + /// alerts. + /// + /// The replica label `thanos_ruler_replica` will always be dropped from the alerts. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertDropLabels")] pub alert_drop_labels: Option>, /// The external Query URL the Thanos Ruler will set in the 'Source' field @@ -44,24 +46,44 @@ pub struct ThanosRulerSpec { /// Maps to the '--alert.query-url' CLI arg. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertQueryUrl")] pub alert_query_url: Option, - /// AlertRelabelConfigFile specifies the path of the alert relabeling configuration file. - /// When used alongside with AlertRelabelConfigs, alertRelabelConfigFile takes precedence. + /// Configures the path to the alert relabeling configuration file. + /// + /// Alert relabel configuration must have the form as specified in the + /// official Prometheus documentation: + /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `alertRelabelConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertRelabelConfigFile")] pub alert_relabel_config_file: Option, - /// AlertRelabelConfigs configures alert relabeling in ThanosRuler. - /// Alert relabel configurations must have the form as specified in the official Prometheus documentation: + /// Configures alert relabeling in Thanos Ruler. + /// + /// Alert relabel configuration must have the form as specified in the + /// official Prometheus documentation: /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - /// Alternative to AlertRelabelConfigFile, and lower order priority. + /// + /// The operator performs no validation of the configuration. + /// + /// `alertRelabelConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertRelabelConfigs")] pub alert_relabel_configs: Option, - /// Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 - /// and higher. Maps to the `alertmanagers.config` arg. + /// Configures the list of Alertmanager endpoints to send alerts to. + /// + /// The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. + /// + /// It requires Thanos >= v0.10.0. + /// + /// The operator performs no validation of the configuration. + /// + /// This field takes precedence over `alertmanagersUrl`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertmanagersConfig")] pub alertmanagers_config: Option, - /// Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, - /// AlertManagersConfig should be used instead. Note: this field will be ignored - /// if AlertManagersConfig is specified. - /// Maps to the `alertmanagers.url` arg. + /// Configures the list of Alertmanager endpoints to send alerts to. + /// + /// For Thanos >= v0.10.0, it is recommended to use `alertmanagersConfig` instead. + /// + /// `alertmanagersConfig` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "alertmanagersUrl")] pub alertmanagers_url: Option>, /// Containers allows injecting additional containers or modifying operator generated @@ -127,8 +149,10 @@ pub struct ThanosRulerSpec { /// at any time without notice. #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] pub init_containers: Option>, - /// Labels configure the external label pairs to ThanosRuler. A default replica label - /// `thanos_ruler_replica` will be always added as a label with the value of the pod's name and it will be dropped in the alerts. + /// Configures the external label pairs of the ThanosRuler resource. + /// + /// A default replica label `thanos_ruler_replica` will be always added as a + /// label with the value of the pod's name. #[serde(default, skip_serializing_if = "Option::is_none")] pub labels: Option>, /// ListenLocal makes the Thanos ruler listen on loopback, so that it @@ -150,12 +174,22 @@ pub struct ThanosRulerSpec { /// Define which Nodes the Pods are scheduled on. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, - /// ObjectStorageConfig configures object storage in Thanos. - /// Alternative to ObjectStorageConfigFile, and lower order priority. + /// Configures object storage. + /// + /// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + /// + /// The operator performs no validation of the configuration. + /// + /// `objectStorageConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfig")] pub object_storage_config: Option, - /// ObjectStorageConfigFile specifies the path of the object storage configuration file. - /// When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. + /// Configures the path of the object storage configuration file. + /// + /// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `objectStorageConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectStorageConfigFile")] pub object_storage_config_file: Option, /// When a ThanosRuler deployment is paused, no actions except for deletion @@ -185,14 +219,22 @@ pub struct ThanosRulerSpec { /// Deprecated: use excludedFromEnforcement instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusRulesExcludedFromEnforce")] pub prometheus_rules_excluded_from_enforce: Option>, - /// Define configuration for connecting to thanos query instances. - /// If this is defined, the QueryEndpoints field will be ignored. - /// Maps to the `query.config` CLI argument. - /// Only available with thanos v0.11.0 and higher. + /// Configures the list of Thanos Query endpoints from which to query metrics. + /// + /// The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api + /// + /// It requires Thanos >= v0.11.0. + /// + /// The operator performs no validation of the configuration. + /// + /// This field takes precedence over `queryEndpoints`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryConfig")] pub query_config: Option, - /// QueryEndpoints defines Thanos querier endpoints from which to query metrics. - /// Maps to the --query flag of thanos ruler. + /// Configures the list of Thanos Query endpoints from which to query metrics. + /// + /// For Thanos >= v0.11.0, it is recommended to use `queryConfig` instead. + /// + /// `queryConfig` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "queryEndpoints")] pub query_endpoints: Option>, /// Number of thanos ruler instances to deploy. @@ -213,8 +255,9 @@ pub struct ThanosRulerSpec { /// the same namespace as the ThanosRuler object is in is used. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ruleNamespaceSelector")] pub rule_namespace_selector: Option, - /// A label selector to select which PrometheusRules to mount for alerting and - /// recording. + /// PrometheusRule objects to be selected for rule evaluation. An empty + /// label selector matches all objects. A null label selector matches no + /// objects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "ruleSelector")] pub rule_selector: Option, /// SecurityContext holds pod-level security attributes and common container settings. @@ -234,20 +277,28 @@ pub struct ThanosRulerSpec { /// If specified, the pod's topology spread constraints. #[serde(default, skip_serializing_if = "Option::is_none", rename = "topologySpreadConstraints")] pub topology_spread_constraints: Option>, - /// TracingConfig configures tracing in Thanos. + /// Configures tracing. /// - /// `tracingConfigFile` takes precedence over this field. + /// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. + /// + /// The operator performs no validation of the configuration. + /// + /// `tracingConfigFile` takes precedence over this field. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfig")] pub tracing_config: Option, - /// TracingConfig specifies the path of the tracing configuration file. + /// Configures the path of the tracing configuration file. /// - /// This field takes precedence over `tracingConfig`. + /// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. + /// + /// The operator performs no validation of the configuration file. + /// + /// This field takes precedence over `tracingConfig`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tracingConfigFile")] pub tracing_config_file: Option, /// Version of Thanos to be deployed. @@ -978,10 +1029,15 @@ pub struct ThanosRulerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri pub values: Option>, } -/// AlertRelabelConfigs configures alert relabeling in ThanosRuler. -/// Alert relabel configurations must have the form as specified in the official Prometheus documentation: +/// Configures alert relabeling in Thanos Ruler. +/// +/// Alert relabel configuration must have the form as specified in the +/// official Prometheus documentation: /// https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs -/// Alternative to AlertRelabelConfigFile, and lower order priority. +/// +/// The operator performs no validation of the configuration. +/// +/// `alertRelabelConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerAlertRelabelConfigs { /// The key of the secret to select from. Must be a valid secret key. @@ -998,8 +1054,15 @@ pub struct ThanosRulerAlertRelabelConfigs { pub optional: Option, } -/// Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 -/// and higher. Maps to the `alertmanagers.config` arg. +/// Configures the list of Alertmanager endpoints to send alerts to. +/// +/// The configuration format is defined at https://thanos.io/tip/components/rule.md/#alertmanager. +/// +/// It requires Thanos >= v0.10.0. +/// +/// The operator performs no validation of the configuration. +/// +/// This field takes precedence over `alertmanagersUrl`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerAlertmanagersConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3770,8 +3833,13 @@ pub enum ThanosRulerLogLevel { Error, } -/// ObjectStorageConfig configures object storage in Thanos. -/// Alternative to ObjectStorageConfigFile, and lower order priority. +/// Configures object storage. +/// +/// The configuration format is defined at https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage +/// +/// The operator performs no validation of the configuration. +/// +/// `objectStorageConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerObjectStorageConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3833,10 +3901,15 @@ pub struct ThanosRulerPrometheusRulesExcludedFromEnforce { pub rule_namespace: String, } -/// Define configuration for connecting to thanos query instances. -/// If this is defined, the QueryEndpoints field will be ignored. -/// Maps to the `query.config` CLI argument. -/// Only available with thanos v0.11.0 and higher. +/// Configures the list of Thanos Query endpoints from which to query metrics. +/// +/// The configuration format is defined at https://thanos.io/tip/components/rule.md/#query-api +/// +/// It requires Thanos >= v0.11.0. +/// +/// The operator performs no validation of the configuration. +/// +/// This field takes precedence over `queryEndpoints`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerQueryConfig { /// The key of the secret to select from. Must be a valid secret key. @@ -3923,8 +3996,9 @@ pub struct ThanosRulerRuleNamespaceSelectorMatchExpressions { pub values: Option>, } -/// A label selector to select which PrometheusRules to mount for alerting and -/// recording. +/// PrometheusRule objects to be selected for rule evaluation. An empty +/// label selector matches all objects. A null label selector matches no +/// objects. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerRuleSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. @@ -4991,12 +5065,16 @@ pub struct ThanosRulerTopologySpreadConstraintsLabelSelectorMatchExpressions { pub values: Option>, } -/// TracingConfig configures tracing in Thanos. +/// Configures tracing. /// -/// `tracingConfigFile` takes precedence over this field. +/// The configuration format is defined at https://thanos.io/tip/thanos/tracing.md/#configuration /// /// This is an *experimental feature*, it may change in any upcoming release /// in a breaking way. +/// +/// The operator performs no validation of the configuration. +/// +/// `tracingConfigFile` takes precedence over this field. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ThanosRulerTracingConfig { /// The key of the secret to select from. Must be a valid secret key. diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs index 58d4d1423..76e7e7d34 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/alertmanagerconfigs.rs @@ -304,9 +304,14 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1219,9 +1224,14 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1945,9 +1955,14 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -2660,9 +2675,14 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -3422,9 +3442,14 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4220,9 +4245,14 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4887,9 +4917,14 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -5638,9 +5673,14 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6341,9 +6381,14 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6992,9 +7037,14 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -7645,9 +7695,14 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -8348,9 +8403,14 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs index 52c8e93a9..78d8b339d 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/prometheusagents.rs @@ -121,6 +121,13 @@ pub struct PrometheusAgentSpec { /// For more information see https://prometheus.io/docs/prometheus/latest/feature_flags/ #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableFeatures")] pub enable_features: Option>, + /// Enable Prometheus to be used as a receiver for the OTLP Metrics protocol. + /// + /// Note that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined. + /// + /// It requires Prometheus >= v2.47.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableOTLPReceiver")] + pub enable_otlp_receiver: Option, /// Enable Prometheus to be used as a receiver for the Prometheus remote /// write protocol. /// @@ -381,6 +388,9 @@ pub struct PrometheusAgentSpec { /// (Alpha) Using this field requires the `PrometheusAgentDaemonSet` feature gate to be enabled. #[serde(default, skip_serializing_if = "Option::is_none")] pub mode: Option, + /// Specifies the validation scheme for metric and label names. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "nameValidationScheme")] + pub name_validation_scheme: Option, /// Defines on which Nodes the Pods are scheduled. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeSelector")] pub node_selector: Option>, @@ -515,6 +525,9 @@ pub struct PrometheusAgentSpec { /// for use with `kubectl proxy`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "routePrefix")] pub route_prefix: Option, + /// RuntimeConfig configures the values for the Prometheus process behavior + #[serde(default, skip_serializing_if = "Option::is_none")] + pub runtime: Option, /// SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. /// Only valid in Prometheus versions 2.45.0 and newer. /// @@ -551,6 +564,11 @@ pub struct PrometheusAgentSpec { /// Note that the ScrapeConfig custom resource definition is currently at Alpha level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeConfigSelector")] pub scrape_config_selector: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// Interval between consecutive scrapes. /// /// Default: "30s" @@ -562,6 +580,8 @@ pub struct PrometheusAgentSpec { /// If unset, Prometheus uses its default value. /// /// It requires Prometheus >= v2.49.0. + /// + /// `PrometheusText1.0.0` requires Prometheus >= v3.0.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeProtocols")] pub scrape_protocols: Option>, /// Number of seconds to wait until a scrape request times out. @@ -606,19 +626,28 @@ pub struct PrometheusAgentSpec { /// `spec.additionalScrapeConfigs` instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceMonitorSelector")] pub service_monitor_selector: Option, - /// Number of shards to distribute targets onto. `spec.replicas` - /// multiplied by `spec.shards` is the total number of Pods created. + /// Number of shards to distribute scraped targets onto. + /// + /// `spec.replicas` multiplied by `spec.shards` is the total number of Pods + /// being created. /// - /// Note that scaling down shards will not reshard data onto remaining + /// When not defined, the operator assumes only one shard. + /// + /// Note that scaling down shards will not reshard data onto the remaining /// instances, it must be manually moved. Increasing shards will not reshard /// data either but it will continue to be available from the same /// instances. To query globally, use Thanos sidecar and Thanos querier or /// remote write data to a central location. + /// Alerting and recording rules /// - /// Sharding is performed on the content of the `__address__` target meta-label - /// for PodMonitors and ServiceMonitors and `__param_target__` for Probes. + /// By default, the sharding is performed on: + /// * The `__address__` target's metadata label for PodMonitor, + /// ServiceMonitor and ScrapeConfig resources. + /// * The `__param_target__` label for Probe resources. /// - /// Default: 1 + /// Users can define their own sharding implementation by setting the + /// `__tmp_hash` label during the target discovery with relabeling + /// configuration (either in the monitoring resources or via scrape class). #[serde(default, skip_serializing_if = "Option::is_none")] pub shards: Option, /// Storage defines the storage used by Prometheus. @@ -4315,6 +4344,15 @@ pub enum PrometheusAgentMode { DaemonSet, } +/// Specification of the desired behavior of the Prometheus agent. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentNameValidationScheme { + #[serde(rename = "UTF8")] + Utf8, + Legacy, +} + /// Settings related to the OTLP receiver feature. /// It requires Prometheus >= v2.55.0. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -4322,6 +4360,21 @@ pub struct PrometheusAgentOtlp { /// List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none. #[serde(default, skip_serializing_if = "Option::is_none", rename = "promoteResourceAttributes")] pub promote_resource_attributes: Option>, + /// Configures how the OTLP receiver endpoint translates the incoming metrics. + /// If unset, Prometheus uses its default value. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "translationStrategy")] + pub translation_strategy: Option, +} + +/// Settings related to the OTLP receiver feature. +/// It requires Prometheus >= v2.55.0. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentOtlpTranslationStrategy { + #[serde(rename = "NoUTF8EscapingWithSuffixes")] + NoUtf8EscapingWithSuffixes, + UnderscoreEscapingWithSuffixes, } /// The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet. @@ -5595,6 +5648,15 @@ pub struct PrometheusAgentResourcesClaims { pub request: Option, } +/// RuntimeConfig configures the values for the Prometheus process behavior +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PrometheusAgentRuntime { + /// The Go garbage collection target percentage. Lowering this number may increase the CPU usage. + /// See: https://tip.golang.org/doc/gc-guide#GOGC + #[serde(default, skip_serializing_if = "Option::is_none", rename = "goGC")] + pub go_gc: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PrometheusAgentScrapeClasses { /// AttachMetadata configures additional metadata to the discovered targets. @@ -6096,6 +6158,21 @@ pub struct PrometheusAgentScrapeConfigSelectorMatchExpressions { pub values: Option>, } +/// Specification of the desired behavior of the Prometheus agent. More info: +/// https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum PrometheusAgentScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// SecurityContext holds pod-level security attributes and common container settings. /// This defaults to the default PodSecurityContext. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs index 3bdafaafc..cc4d410ee 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1alpha1/scrapeconfigs.rs @@ -53,6 +53,9 @@ pub struct ScrapeConfigSpec { /// If unset, Prometheus uses true by default. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableCompression")] pub enable_compression: Option, + /// Whether to enable HTTP2. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] + pub enable_http2: Option, /// EurekaSDConfigs defines a list of Eureka service discovery configurations. #[serde(default, skip_serializing_if = "Option::is_none", rename = "eurekaSDConfigs")] pub eureka_sd_configs: Option>, @@ -192,6 +195,11 @@ pub struct ScrapeConfigSpec { /// It requires Prometheus >= v2.45.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeClassicHistograms")] pub scrape_classic_histograms: Option, + /// The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type. + /// + /// It requires Prometheus >= v3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeFallbackProtocol")] + pub scrape_fallback_protocol: Option, /// ScrapeInterval is the interval between consecutive scrapes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scrapeInterval")] pub scrape_interval: Option, @@ -376,11 +384,13 @@ pub struct ScrapeConfigConsulSdConfigs { /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowStale")] pub allow_stale: Option, - /// Authorization header configuration to authenticate against the Consul Server. + /// Optional Authorization header configuration to authenticate against the Consul Server. + /// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none")] pub authorization: Option, - /// BasicAuth information to authenticate against the Consul Server. + /// Optional BasicAuth information to authenticate against the Consul Server. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints + /// Cannot be set at the same time as `authorization`, or `oauth2`. #[serde(default, skip_serializing_if = "Option::is_none", rename = "basicAuth")] pub basic_auth: Option, /// Consul Datacenter name, if not provided it will use the local Consul Agent Datacenter. @@ -390,11 +400,18 @@ pub struct ScrapeConfigConsulSdConfigs { /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "enableHTTP2")] pub enable_http2: Option, + /// Filter expression used to filter the catalog results. + /// See https://www.consul.io/api-docs/catalog#list-services + /// It requires Prometheus >= 3.0.0. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filter: Option, /// Configure whether HTTP requests follow HTTP 3xx redirects. /// If unset, Prometheus uses its default value. #[serde(default, skip_serializing_if = "Option::is_none", rename = "followRedirects")] pub follow_redirects: Option, /// Namespaces are only supported in Consul Enterprise. + /// + /// It requires Prometheus >= 2.28.0. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, /// `noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names @@ -405,14 +422,21 @@ pub struct ScrapeConfigConsulSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "noProxy")] pub no_proxy: Option, /// Node metadata key/value pairs to filter nodes for a given service. + /// Starting with Consul 1.14, it is recommended to use `filter` with the `NodeMeta` selector instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeMeta")] pub node_meta: Option>, - /// Optional OAuth 2.0 configuration. + /// Optional OAuth2.0 configuration. + /// Cannot be set at the same time as `basicAuth`, or `authorization`. #[serde(default, skip_serializing_if = "Option::is_none")] pub oauth2: Option, /// Admin Partitions are only supported in Consul Enterprise. #[serde(default, skip_serializing_if = "Option::is_none")] pub partition: Option, + /// Prefix for URIs for when consul is behind an API gateway (reverse proxy). + /// + /// It requires Prometheus >= 2.45.0. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "pathPrefix")] + pub path_prefix: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// @@ -435,7 +459,7 @@ pub struct ScrapeConfigConsulSdConfigs { /// HTTP Scheme default "http" #[serde(default, skip_serializing_if = "Option::is_none")] pub scheme: Option, - /// A valid string consisting of a hostname or IP followed by an optional port number. + /// Consul server address. A valid string consisting of a hostname or IP followed by an optional port number. pub server: String, /// A list of services for which targets are retrieved. If omitted, all services are scraped. #[serde(default, skip_serializing_if = "Option::is_none")] @@ -445,9 +469,10 @@ pub struct ScrapeConfigConsulSdConfigs { #[serde(default, skip_serializing_if = "Option::is_none", rename = "tagSeparator")] pub tag_separator: Option, /// An optional list of tags used to filter nodes for a given service. Services must contain all tags in the list. + /// Starting with Consul 1.14, it is recommended to use `filter` with the `ServiceTags` selector instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub tags: Option>, - /// TLS Config + /// TLS configuration to connect to the Consul API. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, /// Consul ACL TokenRef, if not provided it will use the ACL from the local Consul Agent. @@ -455,7 +480,8 @@ pub struct ScrapeConfigConsulSdConfigs { pub token_ref: Option, } -/// Authorization header configuration to authenticate against the Consul Server. +/// Optional Authorization header configuration to authenticate against the Consul Server. +/// Cannot be set at the same time as `basicAuth`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsAuthorization { /// Selects a key of a Secret in the namespace that contains the credentials for authentication. @@ -487,8 +513,9 @@ pub struct ScrapeConfigConsulSdConfigsAuthorizationCredentials { pub optional: Option, } -/// BasicAuth information to authenticate against the Consul Server. +/// Optional BasicAuth information to authenticate against the Consul Server. /// More info: https://prometheus.io/docs/operating/configuration/#endpoints +/// Cannot be set at the same time as `authorization`, or `oauth2`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsBasicAuth { /// `password` specifies a key of a Secret containing the password for @@ -537,7 +564,8 @@ pub struct ScrapeConfigConsulSdConfigsBasicAuthUsername { pub optional: Option, } -/// Optional OAuth 2.0 configuration. +/// Optional OAuth2.0 configuration. +/// Cannot be set at the same time as `basicAuth`, or `authorization`. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsOauth2 { /// `clientId` specifies a key of a Secret or ConfigMap containing the @@ -859,7 +887,7 @@ pub enum ScrapeConfigConsulSdConfigsScheme { Https, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ScrapeConfigConsulSdConfigsTlsConfig { /// Certificate authority used when verifying server certificates. @@ -996,7 +1024,7 @@ pub struct ScrapeConfigConsulSdConfigsTlsConfigKeySecret { pub optional: Option, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { #[serde(rename = "TLS10")] @@ -1009,7 +1037,7 @@ pub enum ScrapeConfigConsulSdConfigsTlsConfigMaxVersion { Tls13, } -/// TLS Config +/// TLS configuration to connect to the Consul API. #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] pub enum ScrapeConfigConsulSdConfigsTlsConfigMinVersion { #[serde(rename = "TLS10")] @@ -1067,7 +1095,7 @@ pub struct ScrapeConfigDigitalOceanSdConfigs { pub oauth2: Option, /// The port to scrape metrics from. #[serde(default, skip_serializing_if = "Option::is_none")] - pub port: Option, + pub port: Option, /// ProxyConnectHeader optionally specifies headers to send to /// proxies during CONNECT requests. /// @@ -10280,6 +10308,20 @@ pub enum ScrapeConfigScheme { Https, } +/// ScrapeConfigSpec is a specification of the desired configuration for a scrape configuration. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ScrapeConfigScrapeFallbackProtocol { + PrometheusProto, + #[serde(rename = "OpenMetricsText0.0.1")] + OpenMetricsText001, + #[serde(rename = "OpenMetricsText1.0.0")] + OpenMetricsText100, + #[serde(rename = "PrometheusText0.0.4")] + PrometheusText004, + #[serde(rename = "PrometheusText1.0.0")] + PrometheusText100, +} + /// StaticConfig defines a Prometheus static configuration. /// See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs index 4390888e8..81b9b228d 100644 --- a/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs +++ b/kube-custom-resources-rs/src/monitoring_coreos_com/v1beta1/alertmanagerconfigs.rs @@ -243,9 +243,14 @@ pub struct AlertmanagerConfigReceiversDiscordConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1134,9 +1139,14 @@ pub struct AlertmanagerConfigReceiversMsteamsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -1840,9 +1850,14 @@ pub struct AlertmanagerConfigReceiversOpsgenieConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -2563,9 +2578,14 @@ pub struct AlertmanagerConfigReceiversPagerdutyConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -3301,9 +3321,14 @@ pub struct AlertmanagerConfigReceiversPushoverConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4067,9 +4092,14 @@ pub struct AlertmanagerConfigReceiversSlackConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -4726,9 +4756,14 @@ pub struct AlertmanagerConfigReceiversSnsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -5461,9 +5496,14 @@ pub struct AlertmanagerConfigReceiversTelegramConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6148,9 +6188,14 @@ pub struct AlertmanagerConfigReceiversVictoropsConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -6790,9 +6835,14 @@ pub struct AlertmanagerConfigReceiversWebexConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -7435,9 +7485,14 @@ pub struct AlertmanagerConfigReceiversWebhookConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, @@ -8114,9 +8169,14 @@ pub struct AlertmanagerConfigReceiversWechatConfigsHttpConfig { /// It requires Prometheus >= v2.43.0 or Alertmanager >= 0.25.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyFromEnvironment")] pub proxy_from_environment: Option, + /// Optional proxy URL. + /// + /// If defined, this field takes precedence over `proxyUrl`. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyURL")] + pub proxy_url: Option, /// `proxyURL` defines the HTTP proxy server to use. #[serde(default, skip_serializing_if = "Option::is_none", rename = "proxyUrl")] - pub proxy_url: Option, + pub proxy_url_x: Option, /// TLS configuration for the client. #[serde(default, skip_serializing_if = "Option::is_none", rename = "tlsConfig")] pub tls_config: Option, diff --git a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs index 3ccb22a4b..a467db876 100644 --- a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs +++ b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusteringresses.rs @@ -129,7 +129,6 @@ pub struct MultiClusterIngressRules { /// IngressRuleValue. If the host is unspecified, the Ingress routes all /// traffic based on the specified IngressRuleValue. /// - /// /// host can be "precise" which is a domain name without the terminating dot of /// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name /// prefixed with a single wildcard label (e.g. "*.foo.com"). @@ -319,10 +318,7 @@ pub struct MultiClusterIngressStatusLoadBalancerIngressPorts { /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// port is the port number of the ingress port. pub port: i32, /// protocol is the protocol of the ingress port. diff --git a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs index 01c5ad69c..d3e0838d4 100644 --- a/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs +++ b/kube-custom-resources-rs/src/networking_karmada_io/v1alpha1/multiclusterservices.rs @@ -63,8 +63,7 @@ pub struct MultiClusterServiceSpec { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MultiClusterServiceConsumerClusters { /// Name is the name of the cluster to be selected. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// ExposurePort describes which port will be exposed. @@ -82,8 +81,7 @@ pub struct MultiClusterServicePorts { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct MultiClusterServiceProviderClusters { /// Name is the name of the cluster to be selected. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub name: Option, + pub name: String, } /// Range specifies the ranges where the referencing service should @@ -156,10 +154,7 @@ pub struct MultiClusterServiceStatusLoadBalancerIngressPorts { /// CamelCase names /// - cloud provider specific error values must have names that comply with the /// format foo.example.com/CamelCase. - /// --- - /// The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - #[serde(default, skip_serializing_if = "Option::is_none")] - pub error: Option, + pub error: String, /// Port is the port number of the service port of which status is recorded here pub port: i32, /// Protocol is the protocol of the service port of which status is recorded here diff --git a/kube-custom-resources-rs/src/operations_kubeedge_io/v1alpha1/nodeupgradejobs.rs b/kube-custom-resources-rs/src/operations_kubeedge_io/v1alpha1/nodeupgradejobs.rs index be2f03515..84120f3dd 100644 --- a/kube-custom-resources-rs/src/operations_kubeedge_io/v1alpha1/nodeupgradejobs.rs +++ b/kube-custom-resources-rs/src/operations_kubeedge_io/v1alpha1/nodeupgradejobs.rs @@ -18,38 +18,57 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct NodeUpgradeJobSpec { - /// CheckItems specifies the items need to be checked before the task is executed. The default CheckItems value is nil. + /// CheckItems specifies the items need to be checked before the task is executed. + /// The default CheckItems value is nil. #[serde(default, skip_serializing_if = "Option::is_none", rename = "checkItems")] pub check_items: Option>, - /// Concurrency specifies the max number of edge nodes that can be upgraded at the same time. The default Concurrency value is 1. + /// Concurrency specifies the max number of edge nodes that can be upgraded at the same time. + /// The default Concurrency value is 1. #[serde(default, skip_serializing_if = "Option::is_none")] pub concurrency: Option, - /// FailureTolerate specifies the task tolerance failure ratio. The default FailureTolerate value is 0.1. + /// FailureTolerate specifies the task tolerance failure ratio. + /// The default FailureTolerate value is 0.1. #[serde(default, skip_serializing_if = "Option::is_none", rename = "failureTolerate")] pub failure_tolerate: Option, - /// Image specifies a container image name, the image contains: keadm and edgecore. keadm is used as upgradetool, to install the new version of edgecore. The image name consists of registry hostname and repository name, if it includes the tag or digest, the tag or digest will be overwritten by Version field above. If the registry hostname is empty, docker.io will be used as default. The default image name is: kubeedge/installation-package. + /// Image specifies a container image name, the image contains: keadm and edgecore. + /// keadm is used as upgradetool, to install the new version of edgecore. + /// The image name consists of registry hostname and repository name, + /// if it includes the tag or digest, the tag or digest will be overwritten by Version field above. + /// If the registry hostname is empty, docker.io will be used as default. + /// The default image name is: kubeedge/installation-package. #[serde(default, skip_serializing_if = "Option::is_none")] pub image: Option, - /// ImageDigestGatter define registry v2 interface access configuration. As a transition, it is not required at first, and the image digest is checked when this field is set. + /// ImageDigestGatter define registry v2 interface access configuration. + /// As a transition, it is not required at first, and the image digest is checked when this field is set. #[serde(default, skip_serializing_if = "Option::is_none", rename = "imageDigestGatter")] pub image_digest_gatter: Option, - /// LabelSelector is a filter to select member clusters by labels. It must match a node's labels for the NodeUpgradeJob to be operated on that node. Please note that sets of NodeNames and LabelSelector are ORed. Users must set one and can only set one. + /// LabelSelector is a filter to select member clusters by labels. + /// It must match a node's labels for the NodeUpgradeJob to be operated on that node. + /// Please note that sets of NodeNames and LabelSelector are ORed. + /// Users must set one and can only set one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "labelSelector")] pub label_selector: Option, - /// NodeNames is a request to select some specific nodes. If it is non-empty, the upgrade job simply select these edge nodes to do upgrade operation. Please note that sets of NodeNames and LabelSelector are ORed. Users must set one and can only set one. + /// NodeNames is a request to select some specific nodes. If it is non-empty, + /// the upgrade job simply select these edge nodes to do upgrade operation. + /// Please note that sets of NodeNames and LabelSelector are ORed. + /// Users must set one and can only set one. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeNames")] pub node_names: Option>, - /// RequireConfirmation specifies whether you need to confirm the upgrade. The default RequireConfirmation value is false. + /// RequireConfirmation specifies whether you need to confirm the upgrade. + /// The default RequireConfirmation value is false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "requireConfirmation")] pub require_confirmation: Option, - /// TimeoutSeconds limits the duration of the node upgrade job. Default to 300. If set to 0, we'll use the default value 300. + /// TimeoutSeconds limits the duration of the node upgrade job. + /// Default to 300. + /// If set to 0, we'll use the default value 300. #[serde(default, skip_serializing_if = "Option::is_none", rename = "timeoutSeconds")] pub timeout_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub version: Option, } -/// ImageDigestGatter define registry v2 interface access configuration. As a transition, it is not required at first, and the image digest is checked when this field is set. +/// ImageDigestGatter define registry v2 interface access configuration. +/// As a transition, it is not required at first, and the image digest is checked when this field is set. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeUpgradeJobImageDigestGatter { /// RegistryAPI define registry v2 interface access configuration @@ -67,25 +86,35 @@ pub struct NodeUpgradeJobImageDigestGatterRegistryApi { pub token: String, } -/// LabelSelector is a filter to select member clusters by labels. It must match a node's labels for the NodeUpgradeJob to be operated on that node. Please note that sets of NodeNames and LabelSelector are ORed. Users must set one and can only set one. +/// LabelSelector is a filter to select member clusters by labels. +/// It must match a node's labels for the NodeUpgradeJob to be operated on that node. +/// Please note that sets of NodeNames and LabelSelector are ORed. +/// Users must set one and can only set one. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeUpgradeJobLabelSelector { /// matchExpressions is a list of label selector requirements. The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")] pub match_expressions: Option>, - /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + /// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + /// map is equivalent to an element of matchExpressions, whose key field is "key", the + /// operator is "In", and the values array contains only "value". The requirements are ANDed. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")] pub match_labels: Option>, } -/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. +/// A label selector requirement is a selector that contains values, a key, and an operator that +/// relates the key and values. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeUpgradeJobLabelSelectorMatchExpressions { /// key is the label key that the selector applies to. pub key: String, - /// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + /// operator represents a key's relationship to a set of values. + /// Valid operators are In, NotIn, Exists and DoesNotExist. pub operator: String, - /// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + /// values is an array of string values. If the operator is In or NotIn, + /// the values array must be non-empty. If the operator is Exists or DoesNotExist, + /// the values array must be empty. This array is replaced during a strategic + /// merge patch. #[serde(default, skip_serializing_if = "Option::is_none")] pub values: Option>, } @@ -93,13 +122,15 @@ pub struct NodeUpgradeJobLabelSelectorMatchExpressions { /// Most recently observed status of the NodeUpgradeJob. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeUpgradeJobStatus { - /// Action represents for the action of the ImagePrePullJob. There are two possible action values: Success, Failure. + /// Action represents for the action of the ImagePrePullJob. + /// There are two possible action values: Success, Failure. #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, /// CurrentVersion represents for the current status of the EdgeCore. #[serde(default, skip_serializing_if = "Option::is_none", rename = "currentVersion")] pub current_version: Option, - /// Event represents for the event of the ImagePrePullJob. There are six possible event values: Init, Check, BackUp, Upgrade, TimeOut, Rollback. + /// Event represents for the event of the ImagePrePullJob. + /// There are six possible event values: Init, Check, BackUp, Upgrade, TimeOut, Rollback. #[serde(default, skip_serializing_if = "Option::is_none")] pub event: Option, /// HistoricVersion represents for the historic status of the EdgeCore. @@ -111,7 +142,8 @@ pub struct NodeUpgradeJobStatus { /// Reason represents for the reason of the ImagePrePullJob. #[serde(default, skip_serializing_if = "Option::is_none")] pub reason: Option, - /// State represents for the state phase of the NodeUpgradeJob. There are several possible state values: "", Upgrading, BackingUp, RollingBack and Checking. + /// State represents for the state phase of the NodeUpgradeJob. + /// There are several possible state values: "", Upgrading, BackingUp, RollingBack and Checking. #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, /// Time represents for the running time of the ImagePrePullJob. @@ -122,10 +154,12 @@ pub struct NodeUpgradeJobStatus { /// TaskStatus stores the status of Upgrade for each edge node. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct NodeUpgradeJobStatusNodeStatus { - /// Action represents for the action of the ImagePrePullJob. There are three possible action values: Success, Failure, TimeOut. + /// Action represents for the action of the ImagePrePullJob. + /// There are three possible action values: Success, Failure, TimeOut. #[serde(default, skip_serializing_if = "Option::is_none")] pub action: Option, - /// Event represents for the event of the ImagePrePullJob. There are three possible event values: Init, Check, Pull. + /// Event represents for the event of the ImagePrePullJob. + /// There are three possible event values: Init, Check, Pull. #[serde(default, skip_serializing_if = "Option::is_none")] pub event: Option, /// NodeName is the name of edge node. @@ -134,7 +168,8 @@ pub struct NodeUpgradeJobStatusNodeStatus { /// Reason represents for the reason of the ImagePrePullJob. #[serde(default, skip_serializing_if = "Option::is_none")] pub reason: Option, - /// State represents for the upgrade state phase of the edge node. There are several possible state values: "", Upgrading, BackingUp, RollingBack and Checking. + /// State represents for the upgrade state phase of the edge node. + /// There are several possible state values: "", Upgrading, BackingUp, RollingBack and Checking. #[serde(default, skip_serializing_if = "Option::is_none")] pub state: Option, /// Time represents for the running time of the ImagePrePullJob. diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs index b3d881e7b..e914e0718 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/bootstrapproviders.rs @@ -299,23 +299,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityPreferredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityRequiredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct BootstrapProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct BootstrapProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct BootstrapProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs index 14b1d8b25..6570d2a90 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/controlplaneproviders.rs @@ -299,23 +299,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct ControlPlaneProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct ControlPlaneProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct ControlPlaneProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs index 9eb6790fa..671a6775f 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/coreproviders.rs @@ -299,23 +299,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgno pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityPreferredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityRequiredDuringScheduling pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct CoreProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct CoreProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct CoreProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs index af47de05f..dcd948e6d 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha1/infrastructureproviders.rs @@ -299,23 +299,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityPreferredDuringSch pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -420,23 +420,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityRequiredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -572,23 +572,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityPreferredDurin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -693,23 +693,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityRequiredDuring pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -875,8 +875,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromConfigMapKeyRef /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -916,8 +920,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -979,8 +987,12 @@ pub struct InfrastructureProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1109,7 +1121,7 @@ pub struct InfrastructureProviderManager { /// which can be run. #[serde(default, skip_serializing_if = "Option::is_none", rename = "maxConcurrentReconciles")] pub max_concurrent_reconciles: Option, - /// Metrics contains the controller metrics configuration + /// Metrics contains thw controller metrics configuration #[serde(default, skip_serializing_if = "Option::is_none")] pub metrics: Option, /// ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). @@ -1219,7 +1231,7 @@ pub struct InfrastructureProviderManagerLeaderElection { pub retry_period: String, } -/// Metrics contains the controller metrics configuration +/// Metrics contains thw controller metrics configuration #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderManagerMetrics { /// BindAddress is the TCP address that the controller should bind to diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs index 74ffb885a..c71c650c4 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/addonproviders.rs @@ -307,23 +307,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPrefer pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRequir pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityPr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityRe pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersEnvValueFromCon /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersEnvValueFromSec /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct AddonProviderAdditionalDeploymentsDeploymentContainersResourcesClaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AddonProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct AddonProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIg pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct AddonProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct AddonProviderDeploymentAffinityPodAntiAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct AddonProviderDeploymentAffinityPodAntiAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct AddonProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct AddonProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct AddonProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AddonProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs index 981f5154c..fd2da10b1 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/bootstrapproviders.rs @@ -307,23 +307,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRe pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffini pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffini pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersEnvValueFro /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersEnvValueFro /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct BootstrapProviderAdditionalDeploymentsDeploymentContainersResourcesCl #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityPreferredDuringScheduli pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAffinityRequiredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityPreferredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct BootstrapProviderDeploymentAffinityPodAntiAffinityRequiredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct BootstrapProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct BootstrapProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BootstrapProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs index 973896668..ef8897cfe 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/controlplaneproviders.rs @@ -307,23 +307,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAffinit pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAffinit pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAntiAff pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentAffinityPodAntiAff pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersEnvValue /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersEnvValue /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentContainersResource #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct ControlPlaneProviderDeploymentAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct ControlPlaneProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct ControlPlaneProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ControlPlaneProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs index d7ee43765..fcc4a0bcb 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/coreproviders.rs @@ -307,23 +307,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAffinityPreferr pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAffinityRequire pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityPre pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentAffinityPodAntiAffinityReq pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersEnvValueFromConf /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersEnvValueFromSecr /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct CoreProviderAdditionalDeploymentsDeploymentContainersResourcesClaims #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityPreferredDuringSchedulingIgn pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct CoreProviderDeploymentAffinityPodAffinityRequiredDuringSchedulingIgno pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityPreferredDuringSchedulin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct CoreProviderDeploymentAffinityPodAntiAffinityRequiredDuringScheduling pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromConfigMapKeyRef { /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct CoreProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct CoreProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct CoreProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs index 21c44a52f..dee236160 100644 --- a/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs +++ b/kube-custom-resources-rs/src/operator_cluster_x_k8s_io/v1alpha2/infrastructureproviders.rs @@ -307,23 +307,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAffin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -428,23 +428,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAffin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -580,23 +580,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAntiA pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -701,23 +701,23 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentAffinityPodAntiA pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -883,8 +883,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersEnvVal /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -924,8 +928,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersEnvVal /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -973,8 +981,12 @@ pub struct InfrastructureProviderAdditionalDeploymentsDeploymentContainersResour #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderAdditionalDeploymentsDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } @@ -1443,23 +1455,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityPreferredDuringSch pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1564,23 +1576,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAffinityRequiredDuringSche pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1716,23 +1728,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityPreferredDurin pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -1837,23 +1849,23 @@ pub struct InfrastructureProviderDeploymentAffinityPodAntiAffinityRequiredDuring pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, @@ -2019,8 +2031,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromConfigMapKeyRef /// The key to select. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -2060,8 +2076,12 @@ pub struct InfrastructureProviderDeploymentContainersEnvValueFromSecretKeyRef { /// The key of the secret to select from. Must be a valid secret key. pub key: String, /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -2109,8 +2129,12 @@ pub struct InfrastructureProviderDeploymentContainersResourcesClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InfrastructureProviderDeploymentImagePullSecrets { /// Name of the referent. - /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// TODO: Add other useful fields. apiVersion, kind, uid? + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs b/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs index cf0692cde..bbd4afb51 100644 --- a/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs +++ b/kube-custom-resources-rs/src/operator_tigera_io/v1/installations.rs @@ -20,6 +20,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct InstallationSpec { + /// Azure is used to configure azure provider specific options. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub azure: Option, /// CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in /// conjunction with the deprecated ComponentResources, then these overrides take precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "calicoKubeControllersDeployment")] @@ -158,6 +161,24 @@ pub struct InstallationSpec { pub windows_nodes: Option, } +/// Azure is used to configure azure provider specific options. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstallationAzure { + /// PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. + /// The Default option adds the "control-plane" label to the required namespaces. + /// The Manual option does not apply the "control-plane" label to any namespace. + /// Default: Default + #[serde(default, skip_serializing_if = "Option::is_none", rename = "policyMode")] + pub policy_mode: Option, +} + +/// Azure is used to configure azure provider specific options. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum InstallationAzurePolicyMode { + Default, + Manual, +} + /// CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in /// conjunction with the deprecated ComponentResources, then these overrides take precedence. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -6711,6 +6732,9 @@ pub struct InstallationStatus { /// Computed is the final installation including overlaid resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct InstallationStatusComputed { + /// Azure is used to configure azure provider specific options. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub azure: Option, /// CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in /// conjunction with the deprecated ComponentResources, then these overrides take precedence. #[serde(default, skip_serializing_if = "Option::is_none", rename = "calicoKubeControllersDeployment")] @@ -6849,6 +6873,24 @@ pub struct InstallationStatusComputed { pub windows_nodes: Option, } +/// Azure is used to configure azure provider specific options. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct InstallationStatusComputedAzure { + /// PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. + /// The Default option adds the "control-plane" label to the required namespaces. + /// The Manual option does not apply the "control-plane" label to any namespace. + /// Default: Default + #[serde(default, skip_serializing_if = "Option::is_none", rename = "policyMode")] + pub policy_mode: Option, +} + +/// Azure is used to configure azure provider specific options. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum InstallationStatusComputedAzurePolicyMode { + Default, + Manual, +} + /// CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in /// conjunction with the deprecated ComponentResources, then these overrides take precedence. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] diff --git a/kube-custom-resources-rs/src/operator_tigera_io/v1/logstorages.rs b/kube-custom-resources-rs/src/operator_tigera_io/v1/logstorages.rs index 087bcfdb3..5c1806872 100644 --- a/kube-custom-resources-rs/src/operator_tigera_io/v1/logstorages.rs +++ b/kube-custom-resources-rs/src/operator_tigera_io/v1/logstorages.rs @@ -36,6 +36,9 @@ pub struct LogStorageSpec { /// ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment. #[serde(default, skip_serializing_if = "Option::is_none", rename = "elasticsearchMetricsDeployment")] pub elasticsearch_metrics_deployment: Option, + /// ESGatewayDeployment configures the es-gateway Deployment. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "esGatewayDeployment")] + pub es_gateway_deployment: Option, /// Index defines the configuration for the indices in the Elasticsearch cluster. #[serde(default, skip_serializing_if = "Option::is_none")] pub indices: Option, @@ -393,6 +396,151 @@ pub struct LogStorageElasticsearchMetricsDeploymentSpecTemplateSpecInitContainer pub name: String, } +/// ESGatewayDeployment configures the es-gateway Deployment. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeployment { + /// Spec is the specification of the es-gateway Deployment. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Spec is the specification of the es-gateway Deployment. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpec { + /// Template describes the es-gateway Deployment pod that will be created. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub template: Option, +} + +/// Template describes the es-gateway Deployment pod that will be created. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplate { + /// Spec is the es-gateway Deployment's PodSpec. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub spec: Option, +} + +/// Spec is the es-gateway Deployment's PodSpec. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpec { + /// Containers is a list of es-gateway containers. + /// If specified, this overrides the specified es-gateway Deployment containers. + /// If omitted, the es-gateway Deployment will use its default values for its containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub containers: Option>, + /// InitContainers is a list of es-gateway init containers. + /// If specified, this overrides the specified es-gateway Deployment init containers. + /// If omitted, the es-gateway Deployment will use its default values for its init containers. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "initContainers")] + pub init_containers: Option>, +} + +/// ESGatewayDeploymentContainer is a es-gateway Deployment container. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecContainers { + /// Name is an enum which identifies the es-gateway Deployment container by name. + /// Supported values are: tigera-secure-es-gateway + pub name: LogStorageEsGatewayDeploymentSpecTemplateSpecContainersName, + /// Resources allows customization of limits and requests for compute resources such as cpu and memory. + /// If specified, this overrides the named es-gateway Deployment container's resources. + /// If omitted, the es-gateway Deployment will use its default value for this container's resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// ESGatewayDeploymentContainer is a es-gateway Deployment container. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum LogStorageEsGatewayDeploymentSpecTemplateSpecContainersName { + #[serde(rename = "tigera-secure-es-gateway")] + TigeraSecureEsGateway, +} + +/// Resources allows customization of limits and requests for compute resources such as cpu and memory. +/// If specified, this overrides the named es-gateway Deployment container's resources. +/// If omitted, the es-gateway Deployment will use its default value for this container's resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecContainersResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecContainersResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + +/// ESGatewayDeploymentInitContainer is a es-gateway Deployment init container. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecInitContainers { + /// Name is an enum which identifies the es-gateway Deployment init container by name. + /// Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner + pub name: LogStorageEsGatewayDeploymentSpecTemplateSpecInitContainersName, + /// Resources allows customization of limits and requests for compute resources such as cpu and memory. + /// If specified, this overrides the named es-gateway Deployment init container's resources. + /// If omitted, the es-gateway Deployment will use its default value for this init container's resources. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub resources: Option, +} + +/// ESGatewayDeploymentInitContainer is a es-gateway Deployment init container. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum LogStorageEsGatewayDeploymentSpecTemplateSpecInitContainersName { + #[serde(rename = "tigera-secure-elasticsearch-cert-key-cert-provisioner")] + TigeraSecureElasticsearchCertKeyCertProvisioner, +} + +/// Resources allows customization of limits and requests for compute resources such as cpu and memory. +/// If specified, this overrides the named es-gateway Deployment init container's resources. +/// If omitted, the es-gateway Deployment will use its default value for this init container's resources. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecInitContainersResources { + /// Claims lists the names of resources, defined in spec.resourceClaims, + /// that are used by this container. + /// This is an alpha field and requires enabling the + /// DynamicResourceAllocation feature gate. + /// This field is immutable. It can only be set for containers. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub claims: Option>, + /// Limits describes the maximum amount of compute resources allowed. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub limits: Option>, + /// Requests describes the minimum amount of compute resources required. + /// If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + /// otherwise to an implementation-defined value. Requests cannot exceed Limits. + /// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + #[serde(default, skip_serializing_if = "Option::is_none")] + pub requests: Option>, +} + +/// ResourceClaim references one entry in PodSpec.ResourceClaims. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct LogStorageEsGatewayDeploymentSpecTemplateSpecInitContainersResourcesClaims { + /// Name must match the name of one entry in pod.spec.resourceClaims of + /// the Pod where this field is used. It makes that resource available + /// inside a container. + pub name: String, +} + /// Index defines the configuration for the indices in the Elasticsearch cluster. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct LogStorageIndices { diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs index 6c043dfb0..88f325a18 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmnodescrapes.rs @@ -404,6 +404,10 @@ pub enum VMNodeScrapeScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// Selector to select kubernetes Nodes. @@ -834,6 +838,10 @@ pub struct VMNodeScrapeStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs index 1084e1b58..854f5b82c 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmpodscrapes.rs @@ -468,6 +468,10 @@ pub enum VMPodScrapePodMetricsEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint @@ -898,6 +902,10 @@ pub struct VMPodScrapeStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs index 5ed4d38ad..92fc78e6d 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmprobes.rs @@ -350,6 +350,10 @@ pub enum VMProbeScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. @@ -964,6 +968,10 @@ pub struct VMProbeStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs index 356f1013a..c46a34eb6 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmrules.rs @@ -91,7 +91,7 @@ pub struct VMRuleGroups { #[serde(default, skip_serializing_if = "Option::is_none")] pub tenant: Option, /// Type defines datasource type for enterprise version of vmalert - /// possible values - prometheus,graphite + /// possible values - prometheus,graphite,vlogs #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")] pub r#type: Option, } diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs index 0527417b2..0eda53203 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmscrapeconfigs.rs @@ -3075,6 +3075,10 @@ pub enum VMScrapeConfigScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// StaticConfig defines a static configuration. @@ -3487,6 +3491,10 @@ pub struct VMScrapeConfigStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs index 935d07a2e..5c06028b1 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmservicescrapes.rs @@ -471,6 +471,10 @@ pub enum VMServiceScrapeEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint @@ -913,6 +917,10 @@ pub struct VMServiceScrapeStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs index 22486b0ed..2cf0cb667 100644 --- a/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs +++ b/kube-custom-resources-rs/src/operator_victoriametrics_com/v1beta1/vmstaticscrapes.rs @@ -415,6 +415,10 @@ pub enum VMStaticScrapeTargetEndpointsScheme { Http, #[serde(rename = "https")] Https, + #[serde(rename = "HTTPS")] + HttpsX, + #[serde(rename = "HTTP")] + HttpX, } /// TLSConfig configuration to use when scraping the endpoint @@ -815,6 +819,10 @@ pub struct VMStaticScrapeStatus { /// LastSyncError contains error message for unsuccessful config generation #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastSyncError")] pub last_sync_error: Option, + /// ObservedGeneration defines current generation picked by operator for the + /// reconcile + #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] + pub observed_generation: Option, /// Status defines update status of resource #[serde(default, skip_serializing_if = "Option::is_none")] pub status: Option, diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs index e300e57c1..09e640a0d 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusteroverridepolicies.rs @@ -22,7 +22,6 @@ pub struct ClusterOverridePolicySpec { pub override_rules: Option>, /// Overriders represents the override rules that would apply on resources /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub overriders: Option, @@ -34,7 +33,6 @@ pub struct ClusterOverridePolicySpec { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCluster")] pub target_cluster: Option, @@ -90,8 +88,7 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -249,7 +246,6 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverrider { pub operator: ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -260,7 +256,6 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -292,7 +287,6 @@ pub enum ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -303,7 +297,6 @@ pub enum ClusterOverridePolicyOverrideRulesOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverrideRulesOverridersImageOverriderPredicate { @@ -320,8 +313,7 @@ pub struct ClusterOverridePolicyOverrideRulesOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -447,7 +439,6 @@ pub struct ClusterOverridePolicyOverrideRulesTargetClusterLabelSelectorMatchExpr /// Overriders represents the override rules that would apply on resources /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverriders { @@ -486,8 +477,7 @@ pub struct ClusterOverridePolicyOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -645,7 +635,6 @@ pub struct ClusterOverridePolicyOverridersImageOverrider { pub operator: ClusterOverridePolicyOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -656,7 +645,6 @@ pub struct ClusterOverridePolicyOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -688,7 +676,6 @@ pub enum ClusterOverridePolicyOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -699,7 +686,6 @@ pub enum ClusterOverridePolicyOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyOverridersImageOverriderPredicate { @@ -716,8 +702,7 @@ pub struct ClusterOverridePolicyOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -815,7 +800,6 @@ pub struct ClusterOverridePolicyResourceSelectorsLabelSelectorMatchExpressions { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterOverridePolicyTargetCluster { diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs index 77a504e03..7b628c0c7 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/clusterpropagationpolicies.rs @@ -20,12 +20,10 @@ pub struct ClusterPropagationPolicySpec { /// ActivationPreference indicates how the referencing resource template will /// be propagated, in case of policy changes. /// - /// /// If empty, the resource template will respond to policy changes /// immediately, in other words, any policy changes will drive the resource /// template to be propagated immediately as per the current propagation rules. /// - /// /// If the value is 'Lazy' means the policy changes will not take effect for now /// but defer to the resource template changes, in other words, the resource /// template will not be propagated as per the current propagation rules until @@ -46,7 +44,6 @@ pub struct ClusterPropagationPolicySpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -56,12 +53,10 @@ pub struct ClusterPropagationPolicySpec { /// DependentOverrides represents the list of overrides(OverridePolicy) /// which must present before the current PropagationPolicy takes effect. /// - /// /// It used to explicitly specify overrides which current PropagationPolicy rely on. /// A typical scenario is the users create OverridePolicy(ies) and resources at the same time, /// they want to ensure the new-created policies would be adopted. /// - /// /// Note: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies), /// which not present in this list will still be applied if they matches the resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dependentOverrides")] @@ -82,16 +77,13 @@ pub struct ClusterPropagationPolicySpec { /// If set to true, resources will be preserved on the member clusters. /// Default is false, which means resources will be deleted along with the resource template. /// - /// /// This setting is particularly useful during workload migration scenarios to ensure /// that rollback can occur quickly without affecting the workloads running on the /// member clusters. /// - /// /// Additionally, this setting applies uniformly across all member clusters and will not /// selectively control preservation on only some clusters. /// - /// /// Note: This setting does not apply to the deletion of the policy itself. /// When the policy is deleted, the resource templates and their corresponding /// propagated resources in member clusters will remain unchanged unless explicitly deleted. @@ -105,7 +97,6 @@ pub struct ClusterPropagationPolicySpec { /// not be preempted by following policies even with a higher priority. /// See Preemption for more details. /// - /// /// In case of two policies have the same priority, the one with a more precise /// matching rules in ResourceSelectors wins: /// - matching by name(resourceSelector.name) has higher priority than @@ -115,7 +106,6 @@ pub struct ClusterPropagationPolicySpec { /// If there is still no winner at this point, the one with the lower alphabetic /// order wins, e.g. policy 'bar' has higher priority than 'foo'. /// - /// /// The higher the value, the higher the priority. Defaults to zero. #[serde(default, skip_serializing_if = "Option::is_none")] pub priority: Option, @@ -125,7 +115,6 @@ pub struct ClusterPropagationPolicySpec { /// propagated along with the Deployment. In addition to the propagating process, the referencing resources will be /// migrated along with the Deployment in the fail-over scenario. /// - /// /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propagateDeps")] pub propagate_deps: Option, @@ -197,6 +186,22 @@ pub struct ClusterPropagationPolicyFailoverApplication { /// Defaults to "Graciously". #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] pub purge_mode: Option, + /// StatePreservation defines the policy for preserving and restoring state data + /// during failover events for stateful applications. + /// + /// When an application fails over from one cluster to another, this policy enables + /// the extraction of critical data from the original resource configuration. + /// Upon successful migration, the extracted data is then re-injected into the new + /// resource, ensuring that the application can resume operation with its previous + /// state intact. + /// This is particularly useful for stateful applications where maintaining data + /// consistency across failover events is crucial. + /// If not specified, means no state data will be preserved. + /// + /// Note: This requires the StatefulFailoverInjection feature gate to be enabled, + /// which is alpha. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "statePreservation")] + pub state_preservation: Option, } /// DecisionConditions indicates the decision conditions of performing the failover process. @@ -224,30 +229,73 @@ pub enum ClusterPropagationPolicyFailoverApplicationPurgeMode { Never, } +/// StatePreservation defines the policy for preserving and restoring state data +/// during failover events for stateful applications. +/// +/// When an application fails over from one cluster to another, this policy enables +/// the extraction of critical data from the original resource configuration. +/// Upon successful migration, the extracted data is then re-injected into the new +/// resource, ensuring that the application can resume operation with its previous +/// state intact. +/// This is particularly useful for stateful applications where maintaining data +/// consistency across failover events is crucial. +/// If not specified, means no state data will be preserved. +/// +/// Note: This requires the StatefulFailoverInjection feature gate to be enabled, +/// which is alpha. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPropagationPolicyFailoverApplicationStatePreservation { + /// Rules contains a list of StatePreservationRule configurations. + /// Each rule specifies a JSONPath expression targeting specific pieces of + /// state data to be preserved during failover events. An AliasLabelName is associated + /// with each rule, serving as a label key when the preserved data is passed + /// to the new cluster. + pub rules: Vec, +} + +/// StatePreservationRule defines a single rule for state preservation. +/// It includes a JSONPath expression and an alias name that will be used +/// as a label key when passing state information to the new cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterPropagationPolicyFailoverApplicationStatePreservationRules { + /// AliasLabelName is the name that will be used as a label key when the preserved + /// data is passed to the new cluster. This facilitates the injection of the + /// preserved state back into the application resources during recovery. + #[serde(rename = "aliasLabelName")] + pub alias_label_name: String, + /// JSONPath is the JSONPath template used to identify the state data + /// to be preserved from the original resource configuration. + /// The JSONPath syntax follows the Kubernetes specification: + /// https://kubernetes.io/docs/reference/kubectl/jsonpath/ + /// + /// Note: The JSONPath expression will start searching from the "status" field of + /// the API resource object by default. For example, to extract the "availableReplicas" + /// from a Deployment, the JSONPath expression should be "{.availableReplicas}", not + /// "{.status.availableReplicas}". + #[serde(rename = "jsonPath")] + pub json_path: String, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterPropagationPolicyPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -255,7 +303,6 @@ pub struct ClusterPropagationPolicyPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs index e856c73b6..19383f15f 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/overridepolicies.rs @@ -23,7 +23,6 @@ pub struct OverridePolicySpec { pub override_rules: Option>, /// Overriders represents the override rules that would apply on resources /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none")] pub overriders: Option, @@ -35,7 +34,6 @@ pub struct OverridePolicySpec { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// - /// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[serde(default, skip_serializing_if = "Option::is_none", rename = "targetCluster")] pub target_cluster: Option, @@ -91,8 +89,7 @@ pub struct OverridePolicyOverrideRulesOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -250,7 +247,6 @@ pub struct OverridePolicyOverrideRulesOverridersImageOverrider { pub operator: OverridePolicyOverrideRulesOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -261,7 +257,6 @@ pub struct OverridePolicyOverrideRulesOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -293,7 +288,6 @@ pub enum OverridePolicyOverrideRulesOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -304,7 +298,6 @@ pub enum OverridePolicyOverrideRulesOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverrideRulesOverridersImageOverriderPredicate { @@ -321,8 +314,7 @@ pub struct OverridePolicyOverrideRulesOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -448,7 +440,6 @@ pub struct OverridePolicyOverrideRulesTargetClusterLabelSelectorMatchExpressions /// Overriders represents the override rules that would apply on resources /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverriders { @@ -487,8 +478,7 @@ pub struct OverridePolicyOverridersAnnotationsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -646,7 +636,6 @@ pub struct OverridePolicyOverridersImageOverrider { pub operator: OverridePolicyOverridersImageOverriderOperator, /// Predicate filters images before applying the rule. /// - /// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -657,7 +646,6 @@ pub struct OverridePolicyOverridersImageOverrider { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// - /// /// If not nil, only images matches the filters will be processed. #[serde(default, skip_serializing_if = "Option::is_none")] pub predicate: Option, @@ -689,7 +677,6 @@ pub enum OverridePolicyOverridersImageOverriderOperator { /// Predicate filters images before applying the rule. /// -/// /// Defaults to nil, in that case, the system will automatically detect image fields if the resource type is /// Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule: /// - Pod: /spec/containers//image @@ -700,7 +687,6 @@ pub enum OverridePolicyOverridersImageOverriderOperator { /// - Job: /spec/template/spec/containers//image /// In addition, all images will be processed if the resource object has more than one container. /// -/// /// If not nil, only images matches the filters will be processed. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyOverridersImageOverriderPredicate { @@ -717,8 +703,7 @@ pub struct OverridePolicyOverridersLabelsOverrider { /// Items in Value which will be appended after annotations/labels when Operator is 'add'. /// Items in Value which match in annotations/labels will be deleted when Operator is 'remove'. /// Items in Value which match in annotations/labels will be replaced when Operator is 'replace'. - #[serde(default, skip_serializing_if = "Option::is_none")] - pub value: Option>, + pub value: BTreeMap, } /// LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations @@ -816,7 +801,6 @@ pub struct OverridePolicyResourceSelectorsLabelSelectorMatchExpressions { /// that only applies to resources propagated to the matching clusters. /// nil means matching all clusters. /// -/// /// Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct OverridePolicyTargetCluster { diff --git a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs index f847691fa..1a1ee4722 100644 --- a/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs +++ b/kube-custom-resources-rs/src/policy_karmada_io/v1alpha1/propagationpolicies.rs @@ -21,12 +21,10 @@ pub struct PropagationPolicySpec { /// ActivationPreference indicates how the referencing resource template will /// be propagated, in case of policy changes. /// - /// /// If empty, the resource template will respond to policy changes /// immediately, in other words, any policy changes will drive the resource /// template to be propagated immediately as per the current propagation rules. /// - /// /// If the value is 'Lazy' means the policy changes will not take effect for now /// but defer to the resource template changes, in other words, the resource /// template will not be propagated as per the current propagation rules until @@ -47,7 +45,6 @@ pub struct PropagationPolicySpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -57,12 +54,10 @@ pub struct PropagationPolicySpec { /// DependentOverrides represents the list of overrides(OverridePolicy) /// which must present before the current PropagationPolicy takes effect. /// - /// /// It used to explicitly specify overrides which current PropagationPolicy rely on. /// A typical scenario is the users create OverridePolicy(ies) and resources at the same time, /// they want to ensure the new-created policies would be adopted. /// - /// /// Note: For the overrides, OverridePolicy(ies) in current namespace and ClusterOverridePolicy(ies), /// which not present in this list will still be applied if they matches the resources. #[serde(default, skip_serializing_if = "Option::is_none", rename = "dependentOverrides")] @@ -83,16 +78,13 @@ pub struct PropagationPolicySpec { /// If set to true, resources will be preserved on the member clusters. /// Default is false, which means resources will be deleted along with the resource template. /// - /// /// This setting is particularly useful during workload migration scenarios to ensure /// that rollback can occur quickly without affecting the workloads running on the /// member clusters. /// - /// /// Additionally, this setting applies uniformly across all member clusters and will not /// selectively control preservation on only some clusters. /// - /// /// Note: This setting does not apply to the deletion of the policy itself. /// When the policy is deleted, the resource templates and their corresponding /// propagated resources in member clusters will remain unchanged unless explicitly deleted. @@ -106,7 +98,6 @@ pub struct PropagationPolicySpec { /// not be preempted by following policies even with a higher priority. /// See Preemption for more details. /// - /// /// In case of two policies have the same priority, the one with a more precise /// matching rules in ResourceSelectors wins: /// - matching by name(resourceSelector.name) has higher priority than @@ -116,7 +107,6 @@ pub struct PropagationPolicySpec { /// If there is still no winner at this point, the one with the lower alphabetic /// order wins, e.g. policy 'bar' has higher priority than 'foo'. /// - /// /// The higher the value, the higher the priority. Defaults to zero. #[serde(default, skip_serializing_if = "Option::is_none")] pub priority: Option, @@ -126,7 +116,6 @@ pub struct PropagationPolicySpec { /// propagated along with the Deployment. In addition to the propagating process, the referencing resources will be /// migrated along with the Deployment in the fail-over scenario. /// - /// /// Defaults to false. #[serde(default, skip_serializing_if = "Option::is_none", rename = "propagateDeps")] pub propagate_deps: Option, @@ -198,6 +187,22 @@ pub struct PropagationPolicyFailoverApplication { /// Defaults to "Graciously". #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] pub purge_mode: Option, + /// StatePreservation defines the policy for preserving and restoring state data + /// during failover events for stateful applications. + /// + /// When an application fails over from one cluster to another, this policy enables + /// the extraction of critical data from the original resource configuration. + /// Upon successful migration, the extracted data is then re-injected into the new + /// resource, ensuring that the application can resume operation with its previous + /// state intact. + /// This is particularly useful for stateful applications where maintaining data + /// consistency across failover events is crucial. + /// If not specified, means no state data will be preserved. + /// + /// Note: This requires the StatefulFailoverInjection feature gate to be enabled, + /// which is alpha. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "statePreservation")] + pub state_preservation: Option, } /// DecisionConditions indicates the decision conditions of performing the failover process. @@ -225,30 +230,73 @@ pub enum PropagationPolicyFailoverApplicationPurgeMode { Never, } +/// StatePreservation defines the policy for preserving and restoring state data +/// during failover events for stateful applications. +/// +/// When an application fails over from one cluster to another, this policy enables +/// the extraction of critical data from the original resource configuration. +/// Upon successful migration, the extracted data is then re-injected into the new +/// resource, ensuring that the application can resume operation with its previous +/// state intact. +/// This is particularly useful for stateful applications where maintaining data +/// consistency across failover events is crucial. +/// If not specified, means no state data will be preserved. +/// +/// Note: This requires the StatefulFailoverInjection feature gate to be enabled, +/// which is alpha. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PropagationPolicyFailoverApplicationStatePreservation { + /// Rules contains a list of StatePreservationRule configurations. + /// Each rule specifies a JSONPath expression targeting specific pieces of + /// state data to be preserved during failover events. An AliasLabelName is associated + /// with each rule, serving as a label key when the preserved data is passed + /// to the new cluster. + pub rules: Vec, +} + +/// StatePreservationRule defines a single rule for state preservation. +/// It includes a JSONPath expression and an alias name that will be used +/// as a label key when passing state information to the new cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PropagationPolicyFailoverApplicationStatePreservationRules { + /// AliasLabelName is the name that will be used as a label key when the preserved + /// data is passed to the new cluster. This facilitates the injection of the + /// preserved state back into the application resources during recovery. + #[serde(rename = "aliasLabelName")] + pub alias_label_name: String, + /// JSONPath is the JSONPath template used to identify the state data + /// to be preserved from the original resource configuration. + /// The JSONPath syntax follows the Kubernetes specification: + /// https://kubernetes.io/docs/reference/kubectl/jsonpath/ + /// + /// Note: The JSONPath expression will start searching from the "status" field of + /// the API resource object by default. For example, to extract the "availableReplicas" + /// from a Deployment, the JSONPath expression should be "{.availableReplicas}", not + /// "{.status.availableReplicas}". + #[serde(rename = "jsonPath")] + pub json_path: String, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PropagationPolicyPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -256,7 +304,6 @@ pub struct PropagationPolicyPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/policy_kubeedge_io/v1alpha1/serviceaccountaccesses.rs b/kube-custom-resources-rs/src/policy_kubeedge_io/v1alpha1/serviceaccountaccesses.rs index 0ed88e262..7acc22836 100644 --- a/kube-custom-resources-rs/src/policy_kubeedge_io/v1alpha1/serviceaccountaccesses.rs +++ b/kube-custom-resources-rs/src/policy_kubeedge_io/v1alpha1/serviceaccountaccesses.rs @@ -48,16 +48,25 @@ pub struct ServiceAccountAccessAccessClusterRoleBinding { /// ClusterRoleBinding represents rbac ClusterRoleBinding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessClusterRoleBindingClusterRoleBinding { - /// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + /// APIVersion defines the versioned schema of this representation of an object. + /// Servers should convert recognized schemas to the latest internal value, and + /// may reject unrecognized values. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind is a string value representing the REST resource this object represents. + /// Servers may infer this from the endpoint the client submits requests to. + /// Cannot be updated. + /// In CamelCase. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Standard object's metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, - /// RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable. + /// RoleRef can only reference a ClusterRole in the global namespace. + /// If the RoleRef cannot be resolved, the Authorizer must return an error. + /// This field is immutable. #[serde(rename = "roleRef")] pub role_ref: ServiceAccountAccessAccessClusterRoleBindingClusterRoleBindingRoleRef, /// Subjects holds references to the objects the role applies to. @@ -80,7 +89,9 @@ pub struct ServiceAccountAccessAccessClusterRoleBindingClusterRoleBindingMetadat pub namespace: Option, } -/// RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable. +/// RoleRef can only reference a ClusterRole in the global namespace. +/// If the RoleRef cannot be resolved, the Authorizer must return an error. +/// This field is immutable. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessClusterRoleBindingClusterRoleBindingRoleRef { /// APIGroup is the group for the resource being referenced @@ -92,28 +103,37 @@ pub struct ServiceAccountAccessAccessClusterRoleBindingClusterRoleBindingRoleRef pub name: String, } -/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, +/// or a value for non-objects such as user and group names. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessClusterRoleBindingClusterRoleBindingSubjects { - /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + /// APIGroup holds the API group of the referenced subject. + /// Defaults to "" for ServiceAccount subjects. + /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, - /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". + /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. pub kind: String, /// Name of the object being referenced. pub name: String, - /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty + /// the Authorizer should report an error. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. +/// PolicyRule holds information that describes a policy rule, but does not contain information +/// about who the rule applies to or which namespace the rule applies to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessClusterRoleBindingRules { - /// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + /// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + /// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroups")] pub api_groups: Option>, - /// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + /// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + /// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + /// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nonResourceURLs")] pub non_resource_ur_ls: Option>, /// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. @@ -140,16 +160,25 @@ pub struct ServiceAccountAccessAccessRoleBinding { /// RoleBinding represents rbac rolebinding. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessRoleBindingRoleBinding { - /// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + /// APIVersion defines the versioned schema of this representation of an object. + /// Servers should convert recognized schemas to the latest internal value, and + /// may reject unrecognized values. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind is a string value representing the REST resource this object represents. + /// Servers may infer this from the endpoint the client submits requests to. + /// Cannot be updated. + /// In CamelCase. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, /// Standard object's metadata. #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, - /// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable. + /// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. + /// If the RoleRef cannot be resolved, the Authorizer must return an error. + /// This field is immutable. #[serde(rename = "roleRef")] pub role_ref: ServiceAccountAccessAccessRoleBindingRoleBindingRoleRef, /// Subjects holds references to the objects the role applies to. @@ -172,7 +201,9 @@ pub struct ServiceAccountAccessAccessRoleBindingRoleBindingMetadata { pub namespace: Option, } -/// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable. +/// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. +/// If the RoleRef cannot be resolved, the Authorizer must return an error. +/// This field is immutable. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessRoleBindingRoleBindingRoleRef { /// APIGroup is the group for the resource being referenced @@ -184,28 +215,37 @@ pub struct ServiceAccountAccessAccessRoleBindingRoleBindingRoleRef { pub name: String, } -/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. +/// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, +/// or a value for non-objects such as user and group names. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessRoleBindingRoleBindingSubjects { - /// APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + /// APIGroup holds the API group of the referenced subject. + /// Defaults to "" for ServiceAccount subjects. + /// Defaults to "rbac.authorization.k8s.io" for User and Group subjects. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroup")] pub api_group: Option, - /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + /// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". + /// If the Authorizer does not recognized the kind value, the Authorizer should report an error. pub kind: String, /// Name of the object being referenced. pub name: String, - /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + /// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty + /// the Authorizer should report an error. #[serde(default, skip_serializing_if = "Option::is_none")] pub namespace: Option, } -/// PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. +/// PolicyRule holds information that describes a policy rule, but does not contain information +/// about who the rule applies to or which namespace the rule applies to. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessAccessRoleBindingRules { - /// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + /// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + /// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiGroups")] pub api_groups: Option>, - /// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + /// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + /// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + /// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nonResourceURLs")] pub non_resource_ur_ls: Option>, /// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. @@ -221,35 +261,55 @@ pub struct ServiceAccountAccessAccessRoleBindingRules { /// ServiceAccount is one-to-one corresponding relations with the serviceaccountaccess. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessServiceAccount { - /// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + /// APIVersion defines the versioned schema of this representation of an object. + /// Servers should convert recognized schemas to the latest internal value, and + /// may reject unrecognized values. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources #[serde(default, skip_serializing_if = "Option::is_none", rename = "apiVersion")] pub api_version: Option, - /// AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level. + /// AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. + /// Can be overridden at the pod level. #[serde(default, skip_serializing_if = "Option::is_none", rename = "automountServiceAccountToken")] pub automount_service_account_token: Option, - /// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + /// ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images + /// in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets + /// can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. + /// More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod #[serde(default, skip_serializing_if = "Option::is_none", rename = "imagePullSecrets")] pub image_pull_secrets: Option>, - /// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + /// Kind is a string value representing the REST resource this object represents. + /// Servers may infer this from the endpoint the client submits requests to. + /// Cannot be updated. + /// In CamelCase. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds #[serde(default, skip_serializing_if = "Option::is_none")] pub kind: Option, - /// Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + /// Standard object's metadata. + /// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata #[serde(default, skip_serializing_if = "Option::is_none")] pub metadata: Option, - /// Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret + /// Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. + /// Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". + /// This field should not be used to find auto-generated service account token secrets for use outside of pods. + /// Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. + /// More info: https://kubernetes.io/docs/concepts/configuration/secret #[serde(default, skip_serializing_if = "Option::is_none")] pub secrets: Option>, } -/// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +/// LocalObjectReference contains enough information to let you locate the +/// referenced object inside the same namespace. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessServiceAccountImagePullSecrets { - /// Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? + /// Name of the referent. + /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } -/// Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +/// Standard object's metadata. +/// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ServiceAccountAccessServiceAccountMetadata { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs index 1256fc958..93ed3b237 100644 --- a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/adminnetworkpolicies.rs @@ -27,7 +27,6 @@ pub struct AdminNetworkPolicySpec { /// would take the highest precedence. /// ANPs with no egress rules do not affect egress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub egress: Option>, @@ -39,7 +38,6 @@ pub struct AdminNetworkPolicySpec { /// would take the highest precedence. /// ANPs with no ingress rules do not affect ingress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ingress: Option>, @@ -52,13 +50,11 @@ pub struct AdminNetworkPolicySpec { /// implementation can apply any of the matching policies to the connection, and /// there is no way for the user to reliably determine which one it will choose. /// - /// /// Support: Core pub priority: i32, /// Subject defines the pods to which this AdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// - /// /// Support: Core pub subject: AdminNetworkPolicySubject, } @@ -78,7 +74,6 @@ pub struct AdminNetworkPolicyEgress { /// If the pod is not selected by any NetworkPolicies then execution /// is passed to any BaselineAdminNetworkPolicies that select the pod. /// - /// /// Support: Core pub action: AdminNetworkPolicyEgressAction, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -86,7 +81,6 @@ pub struct AdminNetworkPolicyEgress { /// improve observability, readability and error-reporting for any applied /// AdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -94,7 +88,6 @@ pub struct AdminNetworkPolicyEgress { /// This field is a list of destination ports for the outgoing egress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -103,7 +96,6 @@ pub struct AdminNetworkPolicyEgress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub to: Vec, } @@ -125,14 +117,12 @@ pub enum AdminNetworkPolicyEgressAction { pub struct AdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -140,19 +130,16 @@ pub struct AdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -160,27 +147,23 @@ pub struct AdminNetworkPolicyEgressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -194,7 +177,6 @@ pub struct AdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -202,7 +184,6 @@ pub struct AdminNetworkPolicyEgressTo { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -211,7 +192,6 @@ pub struct AdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressToNamespaces { @@ -246,7 +226,6 @@ pub struct AdminNetworkPolicyEgressToNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyEgressToPods { @@ -336,7 +315,6 @@ pub struct AdminNetworkPolicyIngress { /// If the pod is not selected by any NetworkPolicies then execution /// is passed to any BaselineAdminNetworkPolicies that select the pod. /// - /// /// Support: Core pub action: AdminNetworkPolicyIngressAction, /// From is the list of sources whose traffic this rule applies to. @@ -344,7 +322,6 @@ pub struct AdminNetworkPolicyIngress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub from: Vec, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -352,7 +329,6 @@ pub struct AdminNetworkPolicyIngress { /// improve observability, readability and error-reporting for any applied /// AdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -362,7 +338,6 @@ pub struct AdminNetworkPolicyIngress { /// So it matches on the destination port for the ingress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -387,7 +362,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -395,7 +369,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -404,7 +377,6 @@ pub struct AdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressFromNamespaces { @@ -439,7 +411,6 @@ pub struct AdminNetworkPolicyIngressFromNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressFromPods { @@ -521,14 +492,12 @@ pub struct AdminNetworkPolicyIngressFromPodsPodSelectorMatchExpressions { pub struct AdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -536,19 +505,16 @@ pub struct AdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -556,27 +522,23 @@ pub struct AdminNetworkPolicyIngressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicyIngressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -584,7 +546,6 @@ pub struct AdminNetworkPolicyIngressPortsPortRange { /// Subject defines the pods to which this AdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AdminNetworkPolicySubject { diff --git a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs index bcddaaea7..7a5f907ed 100644 --- a/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs +++ b/kube-custom-resources-rs/src/policy_networking_k8s_io/v1alpha1/baselineadminnetworkpolicies.rs @@ -28,7 +28,6 @@ pub struct BaselineAdminNetworkPolicySpec { /// would take the highest precedence. /// BANPs with no egress rules do not affect egress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub egress: Option>, @@ -41,14 +40,12 @@ pub struct BaselineAdminNetworkPolicySpec { /// would take the highest precedence. /// BANPs with no ingress rules do not affect ingress traffic. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ingress: Option>, /// Subject defines the pods to which this BaselineAdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// - /// /// Support: Core pub subject: BaselineAdminNetworkPolicySubject, } @@ -64,7 +61,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// Allow: allows the selected traffic /// Deny: denies the selected traffic /// - /// /// Support: Core pub action: BaselineAdminNetworkPolicyEgressAction, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -72,7 +68,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// improve observability, readability and error-reporting for any applied /// BaselineAdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -86,7 +81,6 @@ pub struct BaselineAdminNetworkPolicyEgress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub to: Vec, } @@ -107,14 +101,12 @@ pub enum BaselineAdminNetworkPolicyEgressAction { pub struct BaselineAdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -122,19 +114,16 @@ pub struct BaselineAdminNetworkPolicyEgressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -142,27 +131,23 @@ pub struct BaselineAdminNetworkPolicyEgressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -176,7 +161,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -184,7 +168,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -193,7 +176,6 @@ pub struct BaselineAdminNetworkPolicyEgressTo { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressToNamespaces { @@ -228,7 +210,6 @@ pub struct BaselineAdminNetworkPolicyEgressToNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyEgressToPods { @@ -314,7 +295,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// Allow: allows the selected traffic /// Deny: denies the selected traffic /// - /// /// Support: Core pub action: BaselineAdminNetworkPolicyIngressAction, /// From is the list of sources whose traffic this rule applies to. @@ -322,7 +302,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// traffic then the specified action is applied. /// This field must be defined and contain at least one item. /// - /// /// Support: Core pub from: Vec, /// Name is an identifier for this rule, that may be no more than 100 characters @@ -330,7 +309,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// improve observability, readability and error-reporting for any applied /// BaselineAdminNetworkPolicies. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, @@ -340,7 +318,6 @@ pub struct BaselineAdminNetworkPolicyIngress { /// So it matches on the destination port for the ingress traffic. /// If Ports is not set then the rule does not filter traffic via port. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub ports: Option>, @@ -364,7 +341,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub namespaces: Option, @@ -372,7 +348,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub pods: Option, @@ -381,7 +356,6 @@ pub struct BaselineAdminNetworkPolicyIngressFrom { /// Namespaces defines a way to select all pods within a set of Namespaces. /// Note that host-networked pods are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressFromNamespaces { @@ -416,7 +390,6 @@ pub struct BaselineAdminNetworkPolicyIngressFromNamespacesMatchExpressions { /// a set of namespaces. Note that host-networked pods /// are not included in this type of peer. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressFromPods { @@ -498,14 +471,12 @@ pub struct BaselineAdminNetworkPolicyIngressFromPodsPodSelectorMatchExpressions pub struct BaselineAdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portNumber")] pub port_number: Option, /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none", rename = "portRange")] pub port_range: Option, @@ -513,19 +484,16 @@ pub struct BaselineAdminNetworkPolicyIngressPorts { /// Port selects a port on a pod(s) based on number. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressPortsPortNumber { /// Number defines a network port value. /// - /// /// Support: Core pub port: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core pub protocol: String, } @@ -533,27 +501,23 @@ pub struct BaselineAdminNetworkPolicyIngressPortsPortNumber { /// PortRange selects a port range on a pod(s) based on provided start and end /// values. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicyIngressPortsPortRange { /// End defines a network port that is the end of a port range, the End value /// must be greater than Start. /// - /// /// Support: Core pub end: i32, /// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must /// match. If not specified, this field defaults to TCP. /// - /// /// Support: Core #[serde(default, skip_serializing_if = "Option::is_none")] pub protocol: Option, /// Start defines a network port that is the start of a port range, the Start /// value must be less than End. /// - /// /// Support: Core pub start: i32, } @@ -561,7 +525,6 @@ pub struct BaselineAdminNetworkPolicyIngressPortsPortRange { /// Subject defines the pods to which this BaselineAdminNetworkPolicy applies. /// Note that host-networked pods are not included in subject selection. /// -/// /// Support: Core #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct BaselineAdminNetworkPolicySubject { diff --git a/kube-custom-resources-rs/src/projectcontour_io/v1/httpproxies.rs b/kube-custom-resources-rs/src/projectcontour_io/v1/httpproxies.rs index c2288b852..13b727e54 100644 --- a/kube-custom-resources-rs/src/projectcontour_io/v1/httpproxies.rs +++ b/kube-custom-resources-rs/src/projectcontour_io/v1/httpproxies.rs @@ -1009,11 +1009,14 @@ pub struct HTTPProxyRoutesRetryPolicy { /// - `5xx` /// - `gateway-error` /// - `reset` + /// - `reset-before-request` /// - `connect-failure` + /// - `envoy-ratelimited` /// - `retriable-4xx` /// - `refused-stream` /// - `retriable-status-codes` /// - `retriable-headers` + /// - `http3-post-connect-failure` /// Supported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on): /// - `cancelled` /// - `deadline-exceeded` diff --git a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs index 841b14f3a..c39150817 100644 --- a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs +++ b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbbackups.rs @@ -50,6 +50,8 @@ pub struct PerconaServerMongoDBBackupStatus { pub destination: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filesystem: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastTransition")] pub last_transition: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "latestRestorableTime")] @@ -86,6 +88,11 @@ pub struct PerconaServerMongoDBBackupStatusAzure { pub prefix: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMongoDBBackupStatusFilesystem { + pub path: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMongoDBBackupStatusS3 { pub bucket: String, diff --git a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs index d896d5e16..8873c4895 100644 --- a/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs +++ b/kube-custom-resources-rs/src/psmdb_percona_com/v1/perconaservermongodbrestores.rs @@ -44,6 +44,8 @@ pub struct PerconaServerMongoDBRestoreBackupSource { pub destination: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub error: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub filesystem: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "lastTransition")] pub last_transition: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "latestRestorableTime")] @@ -80,6 +82,11 @@ pub struct PerconaServerMongoDBRestoreBackupSourceAzure { pub prefix: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaServerMongoDBRestoreBackupSourceFilesystem { + pub path: String, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaServerMongoDBRestoreBackupSourceS3 { pub bucket: String, diff --git a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs index 36f602aa0..fcf2072ae 100644 --- a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs +++ b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusterbackups.rs @@ -19,6 +19,8 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct PerconaXtraDBClusterBackupSpec { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeDeadlineSeconds")] + pub active_deadline_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "containerOptions")] pub container_options: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "pxcCluster")] diff --git a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs index 6dcd9710c..817305c57 100644 --- a/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs +++ b/kube-custom-resources-rs/src/pxc_percona_com/v1/perconaxtradbclusters.rs @@ -68,12 +68,16 @@ pub struct PerconaXtraDBClusterSpec { pub update_strategy: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeOptions")] pub upgrade_options: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub users: Option>, #[serde(default, skip_serializing_if = "Option::is_none", rename = "vaultSecretName")] pub vault_secret_name: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaXtraDBClusterBackup { + #[serde(default, skip_serializing_if = "Option::is_none", rename = "activeDeadlineSeconds")] + pub active_deadline_seconds: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowParallel")] pub allow_parallel: Option, #[serde(default, skip_serializing_if = "Option::is_none")] @@ -8467,6 +8471,30 @@ pub struct PerconaXtraDBClusterUpgradeOptions { pub version_service_endpoint: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaXtraDBClusterUsers { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub dbs: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub grants: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub hosts: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "passwordSecretRef")] + pub password_secret_ref: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "withGrantOption")] + pub with_grant_option: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct PerconaXtraDBClusterUsersPasswordSecretRef { + #[serde(default, skip_serializing_if = "Option::is_none")] + pub key: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub name: Option, +} + #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PerconaXtraDBClusterStatus { #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs index 1465b6264..384c1adbd 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayclusters.rs @@ -3392,6 +3392,8 @@ pub struct RayClusterHeadGroupSpecTemplateSpecVolumesVsphereVolume { pub struct RayClusterWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs index e193c7449..5dd553eea 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayjobs.rs @@ -3430,6 +3430,8 @@ pub struct RayJobRayClusterSpecHeadGroupSpecTemplateSpecVolumesVsphereVolume { pub struct RayJobRayClusterSpecWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs index 797df574e..8ac105637 100644 --- a/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs +++ b/kube-custom-resources-rs/src/ray_io/v1/rayservices.rs @@ -30,6 +30,8 @@ pub struct RayServiceSpec { pub serve_service: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "serviceUnhealthySecondThreshold")] pub service_unhealthy_second_threshold: Option, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "upgradeStrategy")] + pub upgrade_strategy: Option, } #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] @@ -3406,6 +3408,8 @@ pub struct RayServiceRayClusterConfigHeadGroupSpecTemplateSpecVolumesVsphereVolu pub struct RayServiceRayClusterConfigWorkerGroupSpecs { #[serde(rename = "groupName")] pub group_name: String, + #[serde(default, skip_serializing_if = "Option::is_none", rename = "idleTimeoutSeconds")] + pub idle_timeout_seconds: Option, #[serde(rename = "maxReplicas")] pub max_replicas: i32, #[serde(rename = "minReplicas")] diff --git a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs index 5a1677a8e..611c6276d 100644 --- a/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs +++ b/kube-custom-resources-rs/src/rc_app_stacks/v1/runtimecomponents.rs @@ -6827,6 +6827,9 @@ pub struct RuntimeComponentStatus { /// The generation identifier of this RuntimeComponent instance completely reconciled by the Operator. #[serde(default, skip_serializing_if = "Option::is_none", rename = "observedGeneration")] pub observed_generation: Option, + /// The reconciliation interval in seconds. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "reconcileInterval")] + pub reconcile_interval: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub references: Option>, #[serde(default, skip_serializing_if = "Option::is_none")] diff --git a/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/clusterobjectsyncs.rs b/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/clusterobjectsyncs.rs index ae5bcc2fa..b7322e4ca 100644 --- a/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/clusterobjectsyncs.rs +++ b/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/clusterobjectsyncs.rs @@ -17,13 +17,16 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ClusterObjectSyncSpec { - /// ObjectAPIVersion is the APIVersion of the object that was successfully persist to the edge node. + /// ObjectAPIVersion is the APIVersion of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectAPIVersion")] pub object_api_version: Option, - /// ObjectType is the kind of the object that was successfully persist to the edge node. + /// ObjectType is the kind of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectKind")] pub object_kind: Option, - /// ObjectName is the name of the object that was successfully persist to the edge node. + /// ObjectName is the name of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectName")] pub object_name: Option, } @@ -31,7 +34,8 @@ pub struct ClusterObjectSyncSpec { /// ObjectSyncStatus stores the resourceversion of objects that persist to the edge. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterObjectSyncStatus { - /// ObjectResourceVersion is the resourceversion of the object that was successfully persist to the edge node. + /// ObjectResourceVersion is the resourceversion of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectResourceVersion")] pub object_resource_version: Option, } diff --git a/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/objectsyncs.rs b/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/objectsyncs.rs index fa49b04a5..723fa8488 100644 --- a/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/objectsyncs.rs +++ b/kube-custom-resources-rs/src/reliablesyncs_kubeedge_io/v1alpha1/objectsyncs.rs @@ -18,13 +18,16 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ObjectSyncSpec { - /// ObjectAPIVersion is the APIVersion of the object that was successfully persist to the edge node. + /// ObjectAPIVersion is the APIVersion of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectAPIVersion")] pub object_api_version: Option, - /// ObjectType is the kind of the object that was successfully persist to the edge node. + /// ObjectType is the kind of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectKind")] pub object_kind: Option, - /// ObjectName is the name of the object that was successfully persist to the edge node. + /// ObjectName is the name of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectName")] pub object_name: Option, } @@ -32,7 +35,8 @@ pub struct ObjectSyncSpec { /// ObjectSyncStatus stores the resourceversion of objects that persist to the edge. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ObjectSyncStatus { - /// ObjectResourceVersion is the resourceversion of the object that was successfully persist to the edge node. + /// ObjectResourceVersion is the resourceversion of the object + /// that was successfully persist to the edge node. #[serde(default, skip_serializing_if = "Option::is_none", rename = "objectResourceVersion")] pub object_resource_version: Option, } diff --git a/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulpbackups.rs b/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulpbackups.rs index 180fa10c1..e7b76a9b1 100644 --- a/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulpbackups.rs +++ b/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulpbackups.rs @@ -258,7 +258,7 @@ pub struct PulpBackupAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -269,7 +269,7 @@ pub struct PulpBackupAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -379,7 +379,7 @@ pub struct PulpBackupAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -390,7 +390,7 @@ pub struct PulpBackupAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -531,7 +531,7 @@ pub struct PulpBackupAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -542,7 +542,7 @@ pub struct PulpBackupAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -652,7 +652,7 @@ pub struct PulpBackupAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -663,7 +663,7 @@ pub struct PulpBackupAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. diff --git a/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulps.rs b/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulps.rs index 376f1119d..aa23f7025 100644 --- a/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulps.rs +++ b/kube-custom-resources-rs/src/repo_manager_pulpproject_org/v1beta2/pulps.rs @@ -339,9 +339,7 @@ pub struct PulpAdminPasswordJobContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -384,9 +382,7 @@ pub struct PulpAdminPasswordJobContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -400,11 +396,9 @@ pub struct PulpAdminPasswordJobContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -427,6 +421,11 @@ pub struct PulpAdminPasswordJobContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Api defines desired state of pulpcore-api resources @@ -690,7 +689,7 @@ pub struct PulpApiAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -701,7 +700,7 @@ pub struct PulpApiAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -811,7 +810,7 @@ pub struct PulpApiAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -822,7 +821,7 @@ pub struct PulpApiAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExecut /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -963,7 +962,7 @@ pub struct PulpApiAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -974,7 +973,7 @@ pub struct PulpApiAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1084,7 +1083,7 @@ pub struct PulpApiAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -1095,7 +1094,7 @@ pub struct PulpApiAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -1234,9 +1233,7 @@ pub struct PulpApiEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1279,9 +1276,7 @@ pub struct PulpApiEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1354,9 +1349,7 @@ pub struct PulpApiInitContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -1399,9 +1392,7 @@ pub struct PulpApiInitContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -1415,11 +1406,9 @@ pub struct PulpApiInitContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1442,6 +1431,11 @@ pub struct PulpApiInitContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Periodic probe of container liveness. @@ -1515,7 +1509,6 @@ pub struct PulpApiLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1591,30 +1584,25 @@ pub struct PulpApiPdb { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] @@ -1725,7 +1713,6 @@ pub struct PulpApiReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -1782,11 +1769,9 @@ pub struct PulpApiResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -1809,6 +1794,11 @@ pub struct PulpApiResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The deployment strategy to use to replace existing pods with new ones. @@ -1816,9 +1806,6 @@ pub struct PulpApiResourceRequirementsClaims { pub struct PulpApiStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -1828,9 +1815,6 @@ pub struct PulpApiStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PulpApiStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -1907,7 +1891,6 @@ pub struct PulpApiTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -1941,7 +1924,6 @@ pub struct PulpApiTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -1957,7 +1939,6 @@ pub struct PulpApiTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -1968,7 +1949,6 @@ pub struct PulpApiTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -2298,7 +2278,7 @@ pub struct PulpCacheAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2309,7 +2289,7 @@ pub struct PulpCacheAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2419,7 +2399,7 @@ pub struct PulpCacheAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExec /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2430,7 +2410,7 @@ pub struct PulpCacheAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExec /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2571,7 +2551,7 @@ pub struct PulpCacheAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2582,7 +2562,7 @@ pub struct PulpCacheAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2692,7 +2672,7 @@ pub struct PulpCacheAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -2703,7 +2683,7 @@ pub struct PulpCacheAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -2864,7 +2844,6 @@ pub struct PulpCacheLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -2986,7 +2965,6 @@ pub struct PulpCacheReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -3043,11 +3021,9 @@ pub struct PulpCacheRedisResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -3070,6 +3046,11 @@ pub struct PulpCacheRedisResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The deployment strategy to use to replace existing pods with new ones. @@ -3077,9 +3058,6 @@ pub struct PulpCacheRedisResourceRequirementsClaims { pub struct PulpCacheStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -3089,9 +3067,6 @@ pub struct PulpCacheStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PulpCacheStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -3412,7 +3387,7 @@ pub struct PulpContentAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3423,7 +3398,7 @@ pub struct PulpContentAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3533,7 +3508,7 @@ pub struct PulpContentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3544,7 +3519,7 @@ pub struct PulpContentAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3685,7 +3660,7 @@ pub struct PulpContentAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3696,7 +3671,7 @@ pub struct PulpContentAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3806,7 +3781,7 @@ pub struct PulpContentAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -3817,7 +3792,7 @@ pub struct PulpContentAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -3956,9 +3931,7 @@ pub struct PulpContentEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4001,9 +3974,7 @@ pub struct PulpContentEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4076,9 +4047,7 @@ pub struct PulpContentInitContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -4121,9 +4090,7 @@ pub struct PulpContentInitContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -4137,11 +4104,9 @@ pub struct PulpContentInitContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4164,6 +4129,11 @@ pub struct PulpContentInitContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Periodic probe of container liveness. @@ -4237,7 +4207,6 @@ pub struct PulpContentLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4313,30 +4282,25 @@ pub struct PulpContentPdb { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] @@ -4447,7 +4411,6 @@ pub struct PulpContentReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -4504,11 +4467,9 @@ pub struct PulpContentResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -4531,6 +4492,11 @@ pub struct PulpContentResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The deployment strategy to use to replace existing pods with new ones. @@ -4538,9 +4504,6 @@ pub struct PulpContentResourceRequirementsClaims { pub struct PulpContentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -4550,9 +4513,6 @@ pub struct PulpContentStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PulpContentStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -4629,7 +4589,6 @@ pub struct PulpContentTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -4663,7 +4622,6 @@ pub struct PulpContentTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -4679,7 +4637,6 @@ pub struct PulpContentTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -4690,7 +4647,6 @@ pub struct PulpContentTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] @@ -5038,7 +4994,7 @@ pub struct PulpDatabaseAffinityPodAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5049,7 +5005,7 @@ pub struct PulpDatabaseAffinityPodAffinityPreferredDuringSchedulingIgnoredDuring /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5159,7 +5115,7 @@ pub struct PulpDatabaseAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5170,7 +5126,7 @@ pub struct PulpDatabaseAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringE /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5311,7 +5267,7 @@ pub struct PulpDatabaseAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5322,7 +5278,7 @@ pub struct PulpDatabaseAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDu /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5432,7 +5388,7 @@ pub struct PulpDatabaseAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -5443,7 +5399,7 @@ pub struct PulpDatabaseAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDur /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -5604,7 +5560,6 @@ pub struct PulpDatabaseLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5661,11 +5616,9 @@ pub struct PulpDatabasePostgresResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -5688,6 +5641,11 @@ pub struct PulpDatabasePostgresResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Periodic probe of container service readiness. @@ -5761,7 +5719,6 @@ pub struct PulpDatabaseReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -5978,9 +5935,7 @@ pub struct PulpMigrationJobContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6023,9 +5978,7 @@ pub struct PulpMigrationJobContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6039,11 +5992,9 @@ pub struct PulpMigrationJobContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6066,6 +6017,11 @@ pub struct PulpMigrationJobContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Job to store signing metadata scripts @@ -6141,9 +6097,7 @@ pub struct PulpSigningJobContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6186,9 +6140,7 @@ pub struct PulpSigningJobContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6202,11 +6154,9 @@ pub struct PulpSigningJobContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6229,6 +6179,11 @@ pub struct PulpSigningJobContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Telemetry defines the OpenTelemetry configuration @@ -6259,11 +6214,9 @@ pub struct PulpTelemetryResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6286,6 +6239,11 @@ pub struct PulpTelemetryResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Web defines desired state of pulpcore-web (reverse-proxy) resources @@ -6379,9 +6337,7 @@ pub struct PulpWebEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -6424,9 +6380,7 @@ pub struct PulpWebEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -6505,7 +6459,6 @@ pub struct PulpWebLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -6581,30 +6534,25 @@ pub struct PulpWebPdb { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] @@ -6715,7 +6663,6 @@ pub struct PulpWebReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -6772,11 +6719,9 @@ pub struct PulpWebResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -6799,6 +6744,11 @@ pub struct PulpWebResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The deployment strategy to use to replace existing pods with new ones. @@ -6806,9 +6756,6 @@ pub struct PulpWebResourceRequirementsClaims { pub struct PulpWebStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -6818,9 +6765,6 @@ pub struct PulpWebStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PulpWebStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -7116,7 +7060,7 @@ pub struct PulpWorkerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7127,7 +7071,7 @@ pub struct PulpWorkerAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringEx /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7237,7 +7181,7 @@ pub struct PulpWorkerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7248,7 +7192,7 @@ pub struct PulpWorkerAffinityPodAffinityRequiredDuringSchedulingIgnoredDuringExe /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7389,7 +7333,7 @@ pub struct PulpWorkerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7400,7 +7344,7 @@ pub struct PulpWorkerAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuri /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7510,7 +7454,7 @@ pub struct PulpWorkerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. /// Also, matchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will @@ -7521,7 +7465,7 @@ pub struct PulpWorkerAffinityPodAntiAffinityRequiredDuringSchedulingIgnoredDurin /// pod labels will be ignored. The default value is empty. /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -7660,9 +7604,7 @@ pub struct PulpWorkerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7705,9 +7647,7 @@ pub struct PulpWorkerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7780,9 +7720,7 @@ pub struct PulpWorkerInitContainerEnvVarsValueFromConfigMapKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the ConfigMap or its key must be defined @@ -7825,9 +7763,7 @@ pub struct PulpWorkerInitContainerEnvVarsValueFromSecretKeyRef { /// This field is effectively required, but due to backwards compatibility is /// allowed to be empty. Instances of this type with an empty value here are /// almost certainly wrong. - /// TODO: Add other useful fields. apiVersion, kind, uid? /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, /// Specify whether the Secret or its key must be defined @@ -7841,11 +7777,9 @@ pub struct PulpWorkerInitContainerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -7868,6 +7802,11 @@ pub struct PulpWorkerInitContainerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// Periodic probe of container liveness. @@ -7941,7 +7880,6 @@ pub struct PulpWorkerLivenessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8017,30 +7955,25 @@ pub struct PulpWorkerPdb { /// should be considered for eviction. Current implementation considers healthy pods, /// as pods that have status.conditions item with type="Ready",status="True". /// - /// /// Valid policies are IfHealthyBudget and AlwaysAllow. /// If no policy is specified, the default behavior will be used, /// which corresponds to the IfHealthyBudget policy. /// - /// /// IfHealthyBudget policy means that running pods (status.phase="Running"), /// but not yet healthy can be evicted only if the guarded application is not /// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). /// Healthy pods will be subject to the PDB for eviction. /// - /// /// AlwaysAllow policy means that all running pods (status.phase="Running"), /// but not yet healthy are considered disrupted and can be evicted regardless /// of whether the criteria in a PDB is met. This means perspective running /// pods of a disrupted application might not get a chance to become healthy. /// Healthy pods will be subject to the PDB for eviction. /// - /// /// Additional policies may be added in the future. /// Clients making eviction decisions should disallow eviction of unhealthy pods /// if they encounter an unrecognized policy in this field. /// - /// /// This field is beta-level. The eviction API uses this field when /// the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "unhealthyPodEvictionPolicy")] @@ -8151,7 +8084,6 @@ pub struct PulpWorkerReadinessProbeGrpc { /// Service is the name of the service to place in the gRPC HealthCheckRequest /// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). /// - /// /// If this is not specified, the default behavior is defined by gRPC. #[serde(default, skip_serializing_if = "Option::is_none")] pub service: Option, @@ -8208,11 +8140,9 @@ pub struct PulpWorkerResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -8235,6 +8165,11 @@ pub struct PulpWorkerResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// The deployment strategy to use to replace existing pods with new ones. @@ -8242,9 +8177,6 @@ pub struct PulpWorkerResourceRequirementsClaims { pub struct PulpWorkerStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. - /// --- - /// TODO: Update this to follow our convention for oneOf, whatever we decide it - /// to be. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rollingUpdate")] pub rolling_update: Option, /// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. @@ -8254,9 +8186,6 @@ pub struct PulpWorkerStrategy { /// Rolling update config params. Present only if DeploymentStrategyType = /// RollingUpdate. -/// --- -/// TODO: Update this to follow our convention for oneOf, whatever we decide it -/// to be. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct PulpWorkerStrategyRollingUpdate { /// The maximum number of pods that can be scheduled above the desired number of @@ -8333,7 +8262,6 @@ pub struct PulpWorkerTopologySpreadConstraints { /// Keys that don't exist in the incoming pod labels will /// be ignored. A null or empty list means only match against labelSelector. /// - /// /// This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, @@ -8367,7 +8295,6 @@ pub struct PulpWorkerTopologySpreadConstraints { /// Valid values are integers greater than 0. /// When value is not nil, WhenUnsatisfiable must be DoNotSchedule. /// - /// /// For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same /// labelSelector spread as 2/2/2: /// | zone1 | zone2 | zone3 | @@ -8383,7 +8310,6 @@ pub struct PulpWorkerTopologySpreadConstraints { /// - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. /// - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. /// - /// /// If this value is nil, the behavior is equivalent to the Honor policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeAffinityPolicy")] @@ -8394,7 +8320,6 @@ pub struct PulpWorkerTopologySpreadConstraints { /// has a toleration, are included. /// - Ignore: node taints are ignored. All nodes are included. /// - /// /// If this value is nil, the behavior is equivalent to the Ignore policy. /// This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. #[serde(default, skip_serializing_if = "Option::is_none", rename = "nodeTaintsPolicy")] diff --git a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs index e7aa1a959..4bfe4efb6 100644 --- a/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs +++ b/kube-custom-resources-rs/src/scylla_scylladb_com/v1alpha1/scyllaoperatorconfigs.rs @@ -6,6 +6,7 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; @@ -17,6 +18,9 @@ use self::prelude::*; #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct ScyllaOperatorConfigSpec { + /// configuredClusterDomain allows users to set the configured Kubernetes cluster domain explicitly, instead of letting Scylla Operator automatically discover it. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "configuredClusterDomain")] + pub configured_cluster_domain: Option, /// scyllaUtilsImage is a ScyllaDB image used for running ScyllaDB utilities. #[serde(default, skip_serializing_if = "Option::is_none", rename = "scyllaUtilsImage")] pub scylla_utils_image: Option, @@ -37,6 +41,12 @@ pub struct ScyllaOperatorConfigStatus { /// bashToolsImage is a generic Bash image with extra tools used by the operator for auxiliary purposes. #[serde(default, skip_serializing_if = "Option::is_none", rename = "bashToolsImage")] pub bash_tools_image: Option, + /// clusterDomain is the Kubernetes cluster domain used by the Scylla Operator. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clusterDomain")] + pub cluster_domain: Option, + /// conditions hold conditions describing ScyllaOperatorConfig state. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, /// grafanaImage is the image used by the operator to create a Grafana instance. #[serde(default, skip_serializing_if = "Option::is_none", rename = "grafanaImage")] pub grafana_image: Option, diff --git a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/apparmorprofiles.rs b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/apparmorprofiles.rs index f93964aaf..b39d6d155 100644 --- a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/apparmorprofiles.rs +++ b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/apparmorprofiles.rs @@ -6,77 +6,114 @@ mod prelude { pub use kube::CustomResource; pub use serde::{Serialize, Deserialize}; + pub use k8s_openapi::apimachinery::pkg::apis::meta::v1::Condition; } use self::prelude::*; -/// AppArmorProfileSpec defines the desired state of AppArmorProfile +/// AppArmorProfileSpec defines the desired state of AppArmorProfile. #[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)] #[kube(group = "security-profiles-operator.x-k8s.io", version = "v1alpha1", kind = "AppArmorProfile", plural = "apparmorprofiles")] #[kube(namespaced)] +#[kube(status = "AppArmorProfileStatus")] #[kube(schema = "disabled")] #[kube(derive="Default")] #[kube(derive="PartialEq")] pub struct AppArmorProfileSpec { + /// Abstract stores the apparmor profile allow lists for executable, file, network and capabilities access. #[serde(default, skip_serializing_if = "Option::is_none", rename = "abstract")] pub r#abstract: Option, + /// ComplainMode places the apparmor profile into "complain" mode, by default is placed in "enforce" mode. + /// In complain mode, if a given action is not allowed, it will be allowed, but this violation will be + /// logged with a tag of access being "ALLOWED unconfined". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "complainMode")] + pub complain_mode: Option, + /// Whether the profile is disabled and should be skipped during reconciliation. #[serde(default, skip_serializing_if = "Option::is_none")] - pub policy: Option, + pub disabled: Option, } +/// Abstract stores the apparmor profile allow lists for executable, file, network and capabilities access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstract { + /// Capability rules for Linux capabilities. #[serde(default, skip_serializing_if = "Option::is_none")] pub capability: Option, + /// Executable rules for allowed executables. #[serde(default, skip_serializing_if = "Option::is_none")] pub executable: Option, + /// Filesystem rules for filesystem access. #[serde(default, skip_serializing_if = "Option::is_none")] pub filesystem: Option, + /// Network rules for network access. #[serde(default, skip_serializing_if = "Option::is_none")] pub network: Option, } +/// Capability rules for Linux capabilities. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstractCapability { + /// AllowedCapabilities lost of allowed capabilities. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowedCapabilities")] pub allowed_capabilities: Option>, } +/// Executable rules for allowed executables. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstractExecutable { + /// AllowedExecutables list of allowed executables. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowedExecutables")] pub allowed_executables: Option>, + /// AllowedLibraries list of allowed libraries. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowedLibraries")] pub allowed_libraries: Option>, } +/// Filesystem rules for filesystem access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstractFilesystem { + /// ReadOnlyPaths list of allowed read only file paths. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readOnlyPaths")] pub read_only_paths: Option>, + /// ReadWritePaths list of allowed read write file paths. #[serde(default, skip_serializing_if = "Option::is_none", rename = "readWritePaths")] pub read_write_paths: Option>, + /// WriteOnlyPaths list of allowed write only file paths. #[serde(default, skip_serializing_if = "Option::is_none", rename = "writeOnlyPaths")] pub write_only_paths: Option>, } +/// Network rules for network access. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstractNetwork { + /// AllowRaw allows raw sockets. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowRaw")] pub allow_raw: Option, + /// Protocols keeps the allowed networking protocols. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowedProtocols")] pub allowed_protocols: Option, } +/// Protocols keeps the allowed networking protocols. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileAbstractNetworkAllowedProtocols { + /// AllowTCP allows TCP socket connections. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowTcp")] pub allow_tcp: Option, + /// AllowUDP allows UDP sockets connections. #[serde(default, skip_serializing_if = "Option::is_none", rename = "allowUdp")] pub allow_udp: Option, } -/// AppArmorProfileStatus defines the observed state of AppArmorProfile +/// AppArmorProfileStatus defines the observed state of AppArmorProfile. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct AppArmorProfileStatus { + /// Conditions of the resource. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub conditions: Option>, + /// ProfileState defines the state that the profile is in. A profile in this context + /// refers to a SeccompProfile or a SELinux profile, the states are shared between them + /// as well as the management API. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub status: Option, } diff --git a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs index b344f9321..0b16f167b 100644 --- a/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs +++ b/kube-custom-resources-rs/src/security_profiles_operator_x_k8s_io/v1alpha1/securityprofilesoperatordaemons.rs @@ -302,24 +302,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAffinityPreferredDuringSched pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -423,24 +423,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAffinityRequiredDuringSchedu pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -575,24 +575,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAntiAffinityPreferredDuringS pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -696,24 +696,24 @@ pub struct SecurityProfilesOperatorDaemonAffinityPodAntiAffinityRequiredDuringSc pub label_selector: Option, /// MatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - /// Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both matchLabelKeys and labelSelector. + /// Also, matchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabelKeys")] pub match_label_keys: Option>, /// MismatchLabelKeys is a set of pod label keys to select which pods will /// be taken into consideration. The keys are used to lookup values from the - /// incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + /// incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` /// to select the group of existing pods which pods will be taken into consideration /// for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming /// pod labels will be ignored. The default value is empty. - /// The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - /// Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - /// This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + /// The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + /// Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + /// This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). #[serde(default, skip_serializing_if = "Option::is_none", rename = "mismatchLabelKeys")] pub mismatch_label_keys: Option>, /// A label query over the set of namespaces that the term applies to. @@ -810,11 +810,9 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirements { /// Claims lists the names of resources, defined in spec.resourceClaims, /// that are used by this container. /// - /// /// This is an alpha field and requires enabling the /// DynamicResourceAllocation feature gate. /// - /// /// This field is immutable. It can only be set for containers. #[serde(default, skip_serializing_if = "Option::is_none")] pub claims: Option>, @@ -837,6 +835,11 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirementsClaims { /// the Pod where this field is used. It makes that resource available /// inside a container. pub name: String, + /// Request is the name chosen for a request in the referenced claim. + /// If empty, everything from the claim is made available, otherwise + /// only the result of this request. + #[serde(default, skip_serializing_if = "Option::is_none")] + pub request: Option, } /// LocalObjectReference contains enough information to let you locate the @@ -844,8 +847,10 @@ pub struct SecurityProfilesOperatorDaemonDaemonResourceRequirementsClaims { #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SecurityProfilesOperatorDaemonImagePullSecrets { /// Name of the referent. + /// This field is effectively required, but due to backwards compatibility is + /// allowed to be empty. Instances of this type with an empty value here are + /// almost certainly wrong. /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - /// TODO: Add other useful fields. apiVersion, kind, uid? #[serde(default, skip_serializing_if = "Option::is_none")] pub name: Option, } diff --git a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs index 04028d616..0cf3ca5e0 100644 --- a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs +++ b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworknodestates.rs @@ -24,6 +24,8 @@ pub struct SriovNetworkNodeStateSpec { pub bridges: Option, #[serde(default, skip_serializing_if = "Option::is_none")] pub interfaces: Option>, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub system: Option, } /// Bridges contains list of bridges @@ -130,6 +132,21 @@ pub struct SriovNetworkNodeStateInterfacesVfGroups { pub vf_range: Option, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SriovNetworkNodeStateSystem { + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkNodeStateSystemRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + /// SriovNetworkNodeStateStatus defines the observed state of SriovNetworkNodeState #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SriovNetworkNodeStateStatus { @@ -142,6 +159,8 @@ pub struct SriovNetworkNodeStateStatus { pub last_sync_error: Option, #[serde(default, skip_serializing_if = "Option::is_none", rename = "syncStatus")] pub sync_status: Option, + #[serde(default, skip_serializing_if = "Option::is_none")] + pub system: Option, } /// Bridges contains list of bridges @@ -276,3 +295,18 @@ pub struct SriovNetworkNodeStateStatusInterfacesVfs { pub vf_id: i64, } +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct SriovNetworkNodeStateStatusSystem { + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, +} + +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkNodeStateStatusSystemRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + diff --git a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs index 1bed563de..a9ba43d78 100644 --- a/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs +++ b/kube-custom-resources-rs/src/sriovnetwork_openshift_io/v1/sriovnetworkpoolconfigs.rs @@ -35,6 +35,9 @@ pub struct SriovNetworkPoolConfigSpec { /// OvsHardwareOffloadConfig describes the OVS HWOL configuration for selected Nodes #[serde(default, skip_serializing_if = "Option::is_none", rename = "ovsHardwareOffloadConfig")] pub ovs_hardware_offload_config: Option, + /// RDMA subsystem. Allowed value "shared", "exclusive". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "rdmaMode")] + pub rdma_mode: Option, } /// nodeSelector specifies a label selector for Nodes @@ -79,6 +82,15 @@ pub struct SriovNetworkPoolConfigOvsHardwareOffloadConfig { pub name: Option, } +/// SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum SriovNetworkPoolConfigRdmaMode { + #[serde(rename = "shared")] + Shared, + #[serde(rename = "exclusive")] + Exclusive, +} + /// SriovNetworkPoolConfigStatus defines the observed state of SriovNetworkPoolConfig #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct SriovNetworkPoolConfigStatus { diff --git a/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs b/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs index 093b78b97..721d659d7 100644 --- a/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs +++ b/kube-custom-resources-rs/src/tempo_grafana_com/v1alpha1/tempostacks.rs @@ -2289,7 +2289,6 @@ pub struct TempoStackTemplateQueryFrontendJaegerQueryMonitorTab { #[serde(default, skip_serializing_if = "Option::is_none", rename = "prometheusEndpoint")] pub prometheus_endpoint: Option, /// REDMetricsNamespace defines the a prefix used retrieve span rate, error, and duration (RED) metrics. - /// By default it is set to `traces.span.metrics` following the default namespace of the OpenTelemetry Collector since Version 0.109.0. #[serde(default, skip_serializing_if = "Option::is_none", rename = "redMetricsNamespace")] pub red_metrics_namespace: Option, } diff --git a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs index c60b7ec58..c425df7eb 100644 --- a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs +++ b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/clusterresourcebindings.rs @@ -26,7 +26,6 @@ pub struct ClusterResourceBindingSpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -81,7 +80,6 @@ pub struct ClusterResourceBindingSpec { /// It works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in /// status.lastScheduledTime will the rescheduling actually execute, otherwise, ignored. /// - /// /// It is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rescheduleTriggeredAt")] pub reschedule_triggered_at: Option, @@ -152,6 +150,22 @@ pub struct ClusterResourceBindingFailoverApplication { /// Defaults to "Graciously". #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] pub purge_mode: Option, + /// StatePreservation defines the policy for preserving and restoring state data + /// during failover events for stateful applications. + /// + /// When an application fails over from one cluster to another, this policy enables + /// the extraction of critical data from the original resource configuration. + /// Upon successful migration, the extracted data is then re-injected into the new + /// resource, ensuring that the application can resume operation with its previous + /// state intact. + /// This is particularly useful for stateful applications where maintaining data + /// consistency across failover events is crucial. + /// If not specified, means no state data will be preserved. + /// + /// Note: This requires the StatefulFailoverInjection feature gate to be enabled, + /// which is alpha. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "statePreservation")] + pub state_preservation: Option, } /// DecisionConditions indicates the decision conditions of performing the failover process. @@ -179,15 +193,64 @@ pub enum ClusterResourceBindingFailoverApplicationPurgeMode { Never, } +/// StatePreservation defines the policy for preserving and restoring state data +/// during failover events for stateful applications. +/// +/// When an application fails over from one cluster to another, this policy enables +/// the extraction of critical data from the original resource configuration. +/// Upon successful migration, the extracted data is then re-injected into the new +/// resource, ensuring that the application can resume operation with its previous +/// state intact. +/// This is particularly useful for stateful applications where maintaining data +/// consistency across failover events is crucial. +/// If not specified, means no state data will be preserved. +/// +/// Note: This requires the StatefulFailoverInjection feature gate to be enabled, +/// which is alpha. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterResourceBindingFailoverApplicationStatePreservation { + /// Rules contains a list of StatePreservationRule configurations. + /// Each rule specifies a JSONPath expression targeting specific pieces of + /// state data to be preserved during failover events. An AliasLabelName is associated + /// with each rule, serving as a label key when the preserved data is passed + /// to the new cluster. + pub rules: Vec, +} + +/// StatePreservationRule defines a single rule for state preservation. +/// It includes a JSONPath expression and an alias name that will be used +/// as a label key when passing state information to the new cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ClusterResourceBindingFailoverApplicationStatePreservationRules { + /// AliasLabelName is the name that will be used as a label key when the preserved + /// data is passed to the new cluster. This facilitates the injection of the + /// preserved state back into the application resources during recovery. + #[serde(rename = "aliasLabelName")] + pub alias_label_name: String, + /// JSONPath is the JSONPath template used to identify the state data + /// to be preserved from the original resource configuration. + /// The JSONPath syntax follows the Kubernetes specification: + /// https://kubernetes.io/docs/reference/kubectl/jsonpath/ + /// + /// Note: The JSONPath expression will start searching from the "status" field of + /// the API resource object by default. For example, to extract the "availableReplicas" + /// from a Deployment, the JSONPath expression should be "{.availableReplicas}", not + /// "{.status.availableReplicas}". + #[serde(rename = "jsonPath")] + pub json_path: String, +} + /// GracefulEvictionTask represents a graceful eviction task. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterResourceBindingGracefulEvictionTasks { + /// ClustersBeforeFailover records the clusters where running the application before failover. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clustersBeforeFailover")] + pub clusters_before_failover: Option>, /// CreationTimestamp is a timestamp representing the server time when this object was /// created. /// Clients should not set this value to avoid the time inconsistency issue. /// It is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC. /// - /// /// Populated by the system. Read-only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTimestamp")] pub creation_timestamp: Option, @@ -205,8 +268,17 @@ pub struct ClusterResourceBindingGracefulEvictionTasks { /// This may be an empty string. #[serde(default, skip_serializing_if = "Option::is_none")] pub message: Option, + /// PreservedLabelState represents the application state information collected from the original cluster, + /// and it will be injected into the new cluster in form of application labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preservedLabelState")] + pub preserved_label_state: Option>, /// Producer indicates the controller who triggered the eviction. pub producer: String, + /// PurgeMode represents how to deal with the legacy applications on the + /// cluster from which the application is migrated. + /// Valid options are "Immediately", "Graciously" and "Never". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] + pub purge_mode: Option, /// Reason contains a programmatic identifier indicating the reason for the eviction. /// Producers may define expected values and meanings for this field, /// and whether the values are considered a guaranteed API. @@ -224,30 +296,34 @@ pub struct ClusterResourceBindingGracefulEvictionTasks { pub suppress_deletion: Option, } +/// GracefulEvictionTask represents a graceful eviction task. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ClusterResourceBindingGracefulEvictionTasksPurgeMode { + Immediately, + Graciously, + Never, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ClusterResourceBindingPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -255,7 +331,6 @@ pub struct ClusterResourceBindingPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary diff --git a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs index 7f9251744..9266ac60e 100644 --- a/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs +++ b/kube-custom-resources-rs/src/work_karmada_io/v1alpha2/resourcebindings.rs @@ -27,7 +27,6 @@ pub struct ResourceBindingSpec { /// ConflictResolution declares how potential conflict should be handled when /// a resource that is being propagated already exists in the target cluster. /// - /// /// It defaults to "Abort" which means stop propagating to avoid unexpected /// overwrites. The "Overwrite" might be useful when migrating legacy cluster /// resources to Karmada, in which case conflict is predictable and can be @@ -82,7 +81,6 @@ pub struct ResourceBindingSpec { /// It works with the status.lastScheduledTime field, and only when this timestamp is later than timestamp in /// status.lastScheduledTime will the rescheduling actually execute, otherwise, ignored. /// - /// /// It is represented in RFC3339 form (like '2006-01-02T15:04:05Z') and is in UTC. #[serde(default, skip_serializing_if = "Option::is_none", rename = "rescheduleTriggeredAt")] pub reschedule_triggered_at: Option, @@ -153,6 +151,22 @@ pub struct ResourceBindingFailoverApplication { /// Defaults to "Graciously". #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] pub purge_mode: Option, + /// StatePreservation defines the policy for preserving and restoring state data + /// during failover events for stateful applications. + /// + /// When an application fails over from one cluster to another, this policy enables + /// the extraction of critical data from the original resource configuration. + /// Upon successful migration, the extracted data is then re-injected into the new + /// resource, ensuring that the application can resume operation with its previous + /// state intact. + /// This is particularly useful for stateful applications where maintaining data + /// consistency across failover events is crucial. + /// If not specified, means no state data will be preserved. + /// + /// Note: This requires the StatefulFailoverInjection feature gate to be enabled, + /// which is alpha. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "statePreservation")] + pub state_preservation: Option, } /// DecisionConditions indicates the decision conditions of performing the failover process. @@ -180,15 +194,64 @@ pub enum ResourceBindingFailoverApplicationPurgeMode { Never, } +/// StatePreservation defines the policy for preserving and restoring state data +/// during failover events for stateful applications. +/// +/// When an application fails over from one cluster to another, this policy enables +/// the extraction of critical data from the original resource configuration. +/// Upon successful migration, the extracted data is then re-injected into the new +/// resource, ensuring that the application can resume operation with its previous +/// state intact. +/// This is particularly useful for stateful applications where maintaining data +/// consistency across failover events is crucial. +/// If not specified, means no state data will be preserved. +/// +/// Note: This requires the StatefulFailoverInjection feature gate to be enabled, +/// which is alpha. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceBindingFailoverApplicationStatePreservation { + /// Rules contains a list of StatePreservationRule configurations. + /// Each rule specifies a JSONPath expression targeting specific pieces of + /// state data to be preserved during failover events. An AliasLabelName is associated + /// with each rule, serving as a label key when the preserved data is passed + /// to the new cluster. + pub rules: Vec, +} + +/// StatePreservationRule defines a single rule for state preservation. +/// It includes a JSONPath expression and an alias name that will be used +/// as a label key when passing state information to the new cluster. +#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] +pub struct ResourceBindingFailoverApplicationStatePreservationRules { + /// AliasLabelName is the name that will be used as a label key when the preserved + /// data is passed to the new cluster. This facilitates the injection of the + /// preserved state back into the application resources during recovery. + #[serde(rename = "aliasLabelName")] + pub alias_label_name: String, + /// JSONPath is the JSONPath template used to identify the state data + /// to be preserved from the original resource configuration. + /// The JSONPath syntax follows the Kubernetes specification: + /// https://kubernetes.io/docs/reference/kubectl/jsonpath/ + /// + /// Note: The JSONPath expression will start searching from the "status" field of + /// the API resource object by default. For example, to extract the "availableReplicas" + /// from a Deployment, the JSONPath expression should be "{.availableReplicas}", not + /// "{.status.availableReplicas}". + #[serde(rename = "jsonPath")] + pub json_path: String, +} + /// GracefulEvictionTask represents a graceful eviction task. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceBindingGracefulEvictionTasks { + /// ClustersBeforeFailover records the clusters where running the application before failover. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "clustersBeforeFailover")] + pub clusters_before_failover: Option>, /// CreationTimestamp is a timestamp representing the server time when this object was /// created. /// Clients should not set this value to avoid the time inconsistency issue. /// It is represented in RFC3339 form(like '2021-04-25T10:02:10Z') and is in UTC. /// - /// /// Populated by the system. Read-only. #[serde(default, skip_serializing_if = "Option::is_none", rename = "creationTimestamp")] pub creation_timestamp: Option, @@ -206,8 +269,17 @@ pub struct ResourceBindingGracefulEvictionTasks { /// This may be an empty string. #[serde(default, skip_serializing_if = "Option::is_none")] pub message: Option, + /// PreservedLabelState represents the application state information collected from the original cluster, + /// and it will be injected into the new cluster in form of application labels. + #[serde(default, skip_serializing_if = "Option::is_none", rename = "preservedLabelState")] + pub preserved_label_state: Option>, /// Producer indicates the controller who triggered the eviction. pub producer: String, + /// PurgeMode represents how to deal with the legacy applications on the + /// cluster from which the application is migrated. + /// Valid options are "Immediately", "Graciously" and "Never". + #[serde(default, skip_serializing_if = "Option::is_none", rename = "purgeMode")] + pub purge_mode: Option, /// Reason contains a programmatic identifier indicating the reason for the eviction. /// Producers may define expected values and meanings for this field, /// and whether the values are considered a guaranteed API. @@ -225,30 +297,34 @@ pub struct ResourceBindingGracefulEvictionTasks { pub suppress_deletion: Option, } +/// GracefulEvictionTask represents a graceful eviction task. +#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)] +pub enum ResourceBindingGracefulEvictionTasksPurgeMode { + Immediately, + Graciously, + Never, +} + /// Placement represents the rule for select clusters to propagate resources. #[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)] pub struct ResourceBindingPlacement { /// ClusterAffinities represents scheduling restrictions to multiple cluster /// groups that indicated by ClusterAffinityTerm. /// - /// /// The scheduler will evaluate these groups one by one in the order they /// appear in the spec, the group that does not satisfy scheduling restrictions /// will be ignored which means all clusters in this group will not be selected /// unless it also belongs to the next group(a cluster could belong to multiple /// groups). /// - /// /// If none of the groups satisfy the scheduling restrictions, then scheduling /// fails, which means no cluster will be selected. /// - /// /// Note: /// 1. ClusterAffinities can not co-exist with ClusterAffinity. /// 2. If both ClusterAffinity and ClusterAffinities are not set, any cluster /// can be scheduling candidates. /// - /// /// Potential use case 1: /// The private clusters in the local data center could be the main group, and /// the managed clusters provided by cluster providers could be the secondary @@ -256,7 +332,6 @@ pub struct ResourceBindingPlacement { /// to the main group and the second group will only be considered in case of /// the main group does not satisfy restrictions(like, lack of resources). /// - /// /// Potential use case 2: /// For the disaster recovery scenario, the clusters could be organized to /// primary and backup groups, the workloads would be scheduled to primary